Hackers continue to improve their malware, third-party vendors continue to underserve their clients when it comes to data security, and Russia appears as the single biggest source of attacks on databases, according to the new Global Security Report 2011 from Trustwave. The report is based on more than 200 data-breach investigations and 2,300 penetration tests conducted in 2010. Payment card data were once again the most sought-after asset, targeted in 85% of Trustwave’s cases. Sensitive company data were next at 8%, followed by trade secrets at 3%. As reported last year, hotels were the major target in 2009. This shifted to food and beverage merchants in 2010.
Criminals used malware to harvest data in 76% of Trustwave’s investigations, a 23% increase from 2009. They also used malware in 44% of cases to exfiltrate data from targeted computer systems. The malware is getting more sophisticated, becoming virtually undetectable by current anti-virus products, according to Trustwave. Still, many of the issues found point to human error or indifference, and not much has changed from 2009. Third parties were responsible for system administration in 88% of Trustwave’s 2010 investigations, often taking shortcuts such as leaving default passwords in place or failing to activate firewalls. Such shortcuts often go undetected by merchants who trust their hired security experts.
- 95% or more of entities failed to meet PCI requirements. Almost 98% failed to maintain a firewall!
- 57% of breached entities were food and beverage merchants
- 18% were retailers
- 10% were in the hospitality trade
- 6% were government and 6% were financial companies.
- This is the first year that Trustwave has broken down attacks by geo-location.
- Note: IP addresses used to geo-locate a computer can be masked and do not always correctly indicate a hacker’s location.
- The Russian Federation came in first as the origin of 32% of the attacks investigated.
- Unknown locations were second at 24%
- Venezuela 7%
- US 6%
- Canada and Indonesia 4% each
- Germany 3%
- Data in transit were harvested in 66% of Trustwave’s breaches
- 26.5% for stored data
- 7.5% for hybrid harvesting methods
- Remote-access applications were the method of entry in 55% of cases investigated