
Gosh, these 'hacker' nerds are only getting more sophisticated

Trustwave report flags up the security flashpoints of 2017

By John Leyden


Hackers have moved away from simple point-of-sale (POS) terminal attacks to more refined assaults on corporations' head offices.

An annual report from security firm Trustwave out today highlighted increased sophistication of web app hacking and social engineering tactics on the part of miscreants.

Half of the incidents investigated involved corporate and internal networks (up from 43 per cent in 2016), followed by e-commerce environments at 30 per cent. Incidents affecting POS systems decreased by more than a third to 20 per cent of the total. This reflects increased attack sophistication: attackers are homing in on larger service providers and franchise head offices rather than the smaller, high-volume targets favoured in previous years.

In corporate network environments, phishing and social engineering at 55 per cent was the leading method of compromise followed by malicious insiders at 13 per cent and remote access at 9 per cent. "CEO fraud", a social engineering scam encouraging executives to authorise fraudulent money transactions, continues to increase, Trustwave added.

Targeted web attacks are becoming prevalent and much more sophisticated. Many breach incidents show signs of careful planning by cybercriminals probing for weak packages and tools to exploit. Cross-site scripting (XSS) was involved in 40 per cent of attack attempts, followed by SQL Injection (SQLi) at 24 per cent, Path Traversal at 7 per cent, Local File Inclusion (LFI) at 4 per cent, and Distributed Denial of Service (DDoS) at 3 per cent.

Last year also witnessed a marked increase, up 9.5 per cent, in compromises at businesses that deliver IT services including web-hosting providers, POS integrators and help-desk providers. A breach of just one provider opens the gates to a multitude of new targets. In 2016 service provider compromises did not even register in the statistics.

Although down from the previous year, payment card data at 40 per cent still reigns supreme in terms of data types targeted in a breach. Surprisingly, incidents targeting hard cash were on the rise at 11 per cent, mostly due to fraudulent ATM transaction breaches enabled by compromise of account management systems at financial institutions.

North America still led in data breaches investigated by Trustwave at 43 per cent, followed by the Asia Pacific region at 30 per cent, Europe, Middle East and Africa (EMEA) at 23 per cent and Latin America at 4 per cent. The retail sector suffered the most breach incidents at 16.7 per cent, followed by the finance and insurance industry at 13.1 per cent and hospitality at 11.9 per cent.

Trustwave gathered and analysed real-world data from hundreds of breach investigations the company conducted in 2017 across 21 countries. This data was added to billions of security and compliance events logged each day across the global network of Trustwave operations centres, along with data from tens of millions of network vulnerability scans, thousands of web application security scans, tens of millions of web transactions, penetration tests and more.

All the web applications tested displayed at least one vulnerability, with 11 as the median number detected per application. The majority (85.9 per cent) of web application vulnerabilities involved session management, allowing an attacker to eavesdrop on a user session to seize sensitive information.
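The session-management weaknesses the report counts are commonly visible in a server's Set-Cookie headers: a session cookie without Secure travels over cleartext HTTP, without HttpOnly it is readable by injected script, and without SameSite it rides along on cross-site requests. The following audit script is an added defender's example, not Trustwave's code or methodology; the sample headers and the name heuristic for spotting session cookies are constructed assumptions.

```python
import re
from typing import Dict, List

# Constructed sample response headers (not taken from the report).
SAMPLE_HEADERS = [
    "Set-Cookie: JSESSIONID=abc123; Path=/",
    "Set-Cookie: PHPSESSID=def456; Path=/; HttpOnly",
    "Set-Cookie: sid=ghi789; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Set-Cookie: theme=dark; Path=/",
]

# Heuristic (assumption): cookie names that usually carry a session identifier.
SESSION_NAME_RE = re.compile(r"(sess|sid|token|auth)", re.IGNORECASE)


def parse_set_cookie(header: str) -> Dict[str, str]:
    """Split one Set-Cookie header into the cookie name plus lower-cased attributes."""
    value = header.split(":", 1)[1].strip()
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.lower()] = val.lower()
    return {"name": name, **attrs}


def audit_session_cookie(header: str) -> List[str]:
    """Return the hardening gaps of a session cookie; non-session cookies yield []."""
    cookie = parse_set_cookie(header)
    if not SESSION_NAME_RE.search(cookie["name"]):
        return []
    findings = []
    if "secure" not in cookie:
        findings.append("missing Secure: sent over cleartext HTTP, eavesdroppable")
    if "httponly" not in cookie:
        findings.append("missing HttpOnly: readable by injected script")
    if cookie.get("samesite") not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: sent with cross-site requests")
    return findings


def audit_headers(headers: List[str]) -> Dict[str, List[str]]:
    """Map each session cookie name to its findings; a fully hardened cookie maps to []."""
    result: Dict[str, List[str]] = {}
    for header in headers:
        if header.lower().startswith("set-cookie:"):
            name = parse_set_cookie(header)["name"]
            if SESSION_NAME_RE.search(name):
                result[name] = audit_session_cookie(header)
    return result


if __name__ == "__main__":
    for name, issues in audit_headers(SAMPLE_HEADERS).items():
        print(name, "->", issues or ["ok"])
```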

The number of vulnerabilities patched in five of the most common database products was 119, down from 170 in 2016. Some 53 per cent of computers with SMBv1 enabled were vulnerable to the MS17-010 "EternalBlue" exploits used to disseminate the WannaCry and NotPetya ransomware attacks.

The 2018 Trustwave Global Security Report is available here. ®
