Retailers, and especially e-commerce sites, came under increasing attack from hackers during 2012, with cybercriminals targeting customers’ private information in order to steal directly from them.
This is one of the findings of a Trustwave Global Security Report, which consolidated information from 450 global data breach investigations, more than 2 500 penetration tests, more than 9-million Web application attacks, more than 2-million network and vulnerability scans, 5-million malicious Web sites, 20-billion e-mails as well as research and analysis of zero-day security threats.
Andrew Kirkland, sales director: Middle East & Africa at Trustwave, says consumers simply assume that the merchants and banks they deal with ensure the systems are secure, and may fail to take proper care of their own personal information.
One of the more worrying findings from the report, he adds, is that the length of time companies are compromised before realising and acting on a breach has grown. In some cases, this is as long as seven months.
The new report shows that the retail industry now accounts for 45% of Trustwave data breach investigations – a 15% increase from 2011 – with e-commerce attacks overtaking point-of-sale attacks.
Mobile malware is also growing, says Kirkland, with a 400% increase seen in this area. Android-specific malware grew from 50 000 in 2011 to 200 000 in 2012, with no sign of abating.
Users and businesses often lay themselves open to attack, Kirkland adds, by neglecting simple things like strong passwords. Out of 3-million passwords analysed, 50% of business users still use common or easy-to-guess passwords, with “password1” being the most common.
Other key findings from the report include:
* Applications are the most popular attack vector, with e-commerce accounting for 48% of all investigations;
* 64% of organisations attacked took more than 90 days to detect an intrusion, with the average time being 210 days – 35 days longer than in 2011. In addition, 5% took more than three years to identify criminal activity. And most victim organisations still rely on third parties, customers, law enforcement or regulatory bodies to notify them that a breach has occurred;
* Employees leave the door open to attacks, due to either a lack of education or a lack of policy enforcement, often picking weak passwords, clicking on phishing links or sharing company information on public and social platforms;
* Attacks were discovered to originate in 29 different countries, with the largest percentage – at 34,4% – being in Romania;
* Spam volume shrank in 2011 but still represents 75,2% of a typical organisation’s inbound e-mail, with about 10% of spam e-mail being malicious;
* 63% of investigations found that a third party responsible for the business’s system support, development or maintenance introduced security deficiencies that were easily exploited by hackers;
* The two most common methods of intrusion – SQL injection and remote access – made up 73% of the infiltration methods; and
* Of the 450 cases investigated in 2012, about 40 variations of malware were found. These were traced to six criminal groups, three of which caused the majority of payment of service credit card breaches.
Kirkland points out that cybercrime is a major industry in its own right, and cybercriminals are quick to exploit any vulnerabilities or find ways to breach new security measures.
In addition, Africa is now on the radar as a prime target, since many organisations are still not PCI compliant, he says.