Press release

New Trustwave Report Underscores Progressing Global Cybersecurity Threats

0
Sponsored by Businesswire

Trustwave today released the 2019
Trustwave Global Security Report
, which reveals the top security
threats, breaches by industry and cybercrime trends from 2018.

The report is based on the analysis of billions of logged security and
compromise events worldwide, hundreds of hands-on data-breach and
forensic investigations, manual penetration tests, network vulnerability
scans and internal research. Findings illustrate cybercriminals
deviating towards a more focused approach against targets by using
better obfuscation techniques and improved social engineering skills as
organizations improve in areas such as time to detection and response to
threats.

Key findings from the 2019
Trustwave Global Security Report include
:

  • Asia Pacific and retail lead in data breaches — The
    Asia-Pacific region led in the number of data compromises
    investigated, accounting for 35% of instances and overtaking North
    America at 30%, down from 43% in 2017. Europe, Middle East and Africa
    (EMEA) came in third at 27%, followed by Latin America & Caribbean
    (LAC) at 8%. The retail sector experienced the highest number of
    incidences at 18%. The finance sector came in second at 11% and
    hospitality third at 10%, each slightly dropping from 13% and 12%,
    respectively, from the previous year.
  • Email threats becoming more focused — Spam messages analyzed
    containing malware significantly diminished in 2018, to 6% from 26% in
    2017. This drop can be attributed to a shift in tactics to shorter,
    more regional campaigns from Necurs, the largest malicious spamming
    botnet. For example, sextortion email campaigns designed to dupe
    victims into paying large ransoms by playing on fears that
    compromising videos exist on the recipient was nearly non-existent in
    2017 yet rose toward the end of 2018 to account for 10% of all spam
    analyzed.
  • Malware becoming harder to detect — Slightly down from the
    previous year, the largest single category of malware encountered was
    downloaders at 13%. Remote access Trojans (RATs) at 10% and web shells
    at 8%, both of which give attackers extensive control over compromised
    computers, were the second and third most common types of malware
    discovered. Memory scrapers and dumpers used to steal payment card
    numbers from point-of-sale (POS) systems saw a sharp decline from 16%
    in 2017 to just 8% in 2018 as Europay, Mastercard and Visa (EMV) chip
    technologies become more prevalent. Sixty-seven percent of malware
    analyzed used obfuscation to help avoid detection, an astounding leap
    from 30% the previous year.
  • Denial-of-service tops database vulnerability patching — The
    number of vulnerabilities patched in five of the most common database
    products was 148, up from 119 in 2017. At 62%, denial-of-service (DoS)
    vulnerabilities used primarily for disruption accounted for the most
    vulnerabilities discovered across all major platforms in 2018. Far
    more serious information disclosure and privilege-escalation
    vulnerabilities used to gain unauthorized access and manipulate
    sensitive data accounted for 8.7% and 8.1% of patching incidents,
    respectively.
  • Social engineering: cybercrime’s favored method of compromise
    Social engineering was the top method of compromise in 2018 in every
    environment analyzed other than e-commerce. In both cloud and
    POS environments, 60% of breach investigations can attribute
    successful social engineering as the conduit to initial point of
    entry. Social engineering in corporate and internal environments were
    slightly less yet significant at 46%. Analysis of phishing scams
    targeting those with authority to transfer company funds, known as
    business email compromise (BEC) or CEO fraud, revealed interesting
    results: 84% of BEC messages used free webmail services for
    distribution, 12% used spoofed company domains and 4% elected to
    employ misspelled or lookalike domain names to deceive recipients.
  • Card-not-present data most valued by cybercriminals — Payment
    card data led in the types of information most coveted by
    cybercriminals, comprising 36% of breach incidents observed. Most
    notable: card-not-present data at 25% rose 7% from the previous year
    largely due to increased Magecart attacks targeting e-commerce sites,
    while magnetic stripe data fell 11%, coming in at 11% of incidents
    observed in 2018. The decline in magnetic stripe data incidents can be
    correlated with increased global adoption of EMV chip technology
    designed to better protect POS systems.
  • Marked improvements in threat response time The
    median time duration from threat intrusion to containment fell to 27
    days, from 67 days in 2017, and the median time between intrusion and
    detection for externally detected compromises fell to 55 days, down
    from 83 days in 2017. Adoption of technologies such as endpoint
    detection and response (EDR), behavioral analytics and stronger
    organizational security maturity helped lead to improvements.
  • Cryptojacking dominates web-based attacks — A steep
    year-over-year increase of 1,250% was observed in cryptojacking
    malware, which was almost non-existent in 2017. Used to covertly place
    legitimate JavaScript coin miners on websites or infect carrier-grade
    routers, cryptojacking malware illegally mines cryptocurrency for
    cybercriminals using the computing resources of unsuspecting victims.
    In 97% of the 2,585 websites observed that were known to be
    compromised, the now-defunct Coinhive miner was preferred.
  • All web applications found to be vulnerable For a
    second straight year, 100% of web applications tested possessed at
    least one vulnerability, with the median number of vulnerabilities
    rising to 15, up from 11 in 2017. Of more than 45,000 vulnerabilities
    discovered by Trustwave penetration testers, 80% were classified as
    low risk, with the remaining 20% deemed medium to critical. The most
    common critical weakness involved omission of Microsoft Security
    Update MS17-010, which fixes the ETERNALBLUE vulnerability in the
    Server Message Block (SMB) protocol used for local network
    communication.
  • Corporate and internal networks at most risk — Fifty-seven
    percent of the incidents investigated involved corporate and internal
    networks (up from 50% in 2017), followed by e-commerce environments at
    27%. Incidents impacting POS systems decreased by more than half to
    just 9% of the total occurrences reflecting EMV use as a successful
    technology.

“Our 2018 findings portray a story about adaptiveness, both from a
business and cybercriminal perspective,” said Arthur Wong, Chief
Executive Officer at Trustwave. “We are seeing the global threat
landscape continue to evolve as cybercriminals deterred by advanced
monitoring and detection systems go to extraordinary lengths to breach
organizations by wielding new malware variants, zero-day exploits and
social engineering savvy. It’s becoming imperative for businesses
accelerating digital transformation to implement security programs that
can quickly address attack innovation and ever-changing environments
through leading-edge technologies and high-level security expertise.”

Data Sources

Trustwave experts gathered and analyzed real-world data from hundreds of
breach investigations that the company conducted in 2018 across 19
countries. This data was added to billions of security events logged
each day across a global network of Trustwave
Advanced Security Operations Centers
, along with deep analysis
of tens of billions of email messages; tens of millions of web
transactions; thousands of penetration tests across databases, networks
and applications; and telemetry from both native and partner
technologies distributed across the globe.

To download a complimentary copy of the 2019 Trustwave Global Security
Report, visit: www.trustwave.com/gsr.

About Trustwave

Trustwave is a leading cybersecurity and managed security services
provider that helps businesses fight cybercrime, protect data and reduce
security risk. Offering a comprehensive portfolio of managed security
services, security testing, consulting, technology solutions and
cybersecurity education, Trustwave helps businesses embrace digital
transformation securely. Trustwave is a Singtel company and the global
security arm of Singtel, Optus and NCS, with customers in 96 countries.
For more information about Trustwave, visit https://www.trustwave.com.