How the cyber crime business model is changing
Cyber crime is an increasingly serious business and a new report released today by Trustwave looks at the top trends from the past year based on real-world data from data breach investigations.
Key findings from the report include that 97 percent of applications tested by Trustwave in 2015 had at least one vulnerability. In addition, 10 percent of the vulnerabilities discovered were rated as critical or high risk.
Retail is the industry most commonly targeted by criminals, accounting for 23 percent of Trustwave investigations, followed by hospitality at 14 percent and food and beverage at 10 percent. The findings show that eCommerce breaches accounted for 38 percent of investigations, compared to 42 percent in 2014. Twenty-two percent were point-of-sale (POS) breaches. The Magento open source platform accounted for 85 percent of eCommerce breaches. At least five critical Magento vulnerabilities were identified in 2015, and most of the affected systems weren't fully updated with security patches.
In 60 percent of investigations, attackers were after payment card data, split about evenly between card track (magnetic stripe) data (31 percent of incidents), which came mainly from POS environments, and card-not-present data (29 percent), which mostly came from eCommerce transactions.
"Cybercriminals have been congregating and organizing for years, but 2015 showed a marked increase in the behavior we would normally associate with legitimate businesses," says Trustwave chief executive officer and president Robert J McCullen. "Based on the study of numerous security incidents, exploit kits and malvertising campaigns, our 2016 Trustwave Global Security Report shows businesses how and where these sophisticated criminal organizations are most likely to attack, and more importantly, how to defend their assets."
Other findings include a shift in spam subjects. In 2015, the portion of pharmaceutical spam dropped dramatically, to 39 percent from almost 75 percent the previous year, which was still enough to make it the largest share of any category. Spam related to online dating sites and adult products made a combined five-fold leap from six percent in 2014 to 30 percent in 2015. Five percent of overall spam included a malicious attachment or link, a one-point decrease from 2014.
You can see more findings in the full report, which is available to download from the Trustwave website.