Trustwave today released the 2017 Trustwave Global Security Report, which
reveals the top cybercrime, data breach and security threat trends from
2016. The report demonstrates both good and bad news in the world of
cybersecurity as intrusion detection and breach containment times were
relatively better, but other threats like malvertisements became cheaper
and malicious spam saw increases.

Key highlights from the 2017 Trustwave Global Security Report include:

- Intrusion detection gets better, especially when breaches are self-detected: The
median number of days from an intrusion to detection of a compromise
decreased to 49 days in 2016 from 80.5 days in 2015, with values ranging
from zero days to almost 2,000 days (more than five years). For
internally detected incidents the median was 16 days, while 65 was the
median number of days for externally detected incidents.
- Once detected, victims contain breaches relatively quickly: The
median number of days from detection to containment was 2.5 in 2016
with values ranging from -360 days, meaning the intrusion ended 360 days
before detection, to 289 days. In cases where containment occurred
after detection, the median duration was 13 days from detection to
containment.
- Intrusion containment remains stagnant: The
median number of days from an intrusion to containment of a compromise
stayed relatively the same at 62 days in 2016 compared to 63 days in
2015.
- North America and retail lead in data breaches: Similar
to previous years, 49% of data breaches investigated by Trustwave were
in North America, while 21% were in Asia-Pacific, 20% in Europe, Middle
East and Africa, and 10% in Latin America. The largest single share of
incidents involved the retail industry, at 22%, followed closely by the
food and beverage industry, at nearly 20%.
- POS breaches increase: Environments
most breached in 2016 again consisted of corporate and internal
networks, at 43%. Incidents affecting POS systems increased to 31% in
2016, from 22% in 2015, while incidents affecting e-commerce
environments fell to 26% from 38%. Incidents involving POS environments
were most common in North America, which has been slower than much of
the world to adopt the EMV payment card standard.
- Payment card data most at risk: More
than half of the incidents investigated targeted payment card data:
Card track (also called magnetic stripe) data, at 33% of incidents,
primarily came from POS environments. Card-not-present (CNP) data, at
30%, mostly came from e-commerce transactions. Financial credentials,
including account names and passwords for banks and other financial
institutions, accounted for 18% of incidents, followed by other targets.
- Attackers seek stiff prices for their zero-day vulnerabilities: In
2016, Trustwave discovered an alleged undisclosed Windows zero-day
vulnerability and accompanying exploit code on sale for an initial price
of $95,000.
- Exploit market disruption: The
most common exploit kits in the world - Angler, Magnitude and Nuclear -
disappeared or went private in 2016, leading to a shakeup of the
exploit kit market.
- Malvertisements get dirt cheap: In
2016, the estimated cost for cybercriminals to infect 1,000 vulnerable
computers with malvertisements was only $5 -- less than $.01 per
vulnerable machine. Malicious advertising remains the number one source
of traffic to exploit kit landing pages.
- Malware tries to hide itself: 83% of malware samples Trustwave examined in 2016 used obfuscation, while 36% used encryption.
- Malware-laden spam creeps up: In
2016, 35% of spam messages contained malware, up from 3% in 2015.
Meanwhile, 60% of all inbound email was spam, up from 54% in 2015.
- Database flaws increase: Database vendors patched 170 vulnerabilities in the most common database products in 2016, up from 139 vulnerabilities in 2015.
- Applications are almost always vulnerable: 99.7%
of web applications Trustwave application scanning services tested in
2016 included at least one vulnerability, with the mean number of
vulnerabilities detected being 11 per application.

Trustwave Chief Executive Officer and President Robert J. McCullen said,
"Cybersecurity in 2016 had both highlights and lowlights. As our data
breach investigations and threat intelligence show, attackers continue to
evolve their tactics and focus on extreme paydays as cybercrime becomes
more like genuine businesses. Meanwhile security skills and talent
remain scarce. As an industry, we must continue to focus on key areas
like threat detection and response, security scanning and testing and
cloud security services that provide meaningful layers of protection
from constantly evolving threats."

Trustwave experts gathered real-world data from hundreds of breach investigations
the company conducted in 2016 across 21 countries. This data was added
to billions of security and compliance events logged each day across the
global network of Trustwave Advanced Security Operations Centers,
along with data from tens of millions of network vulnerability scans,
thousands of web application security scans, tens of millions of web
transactions, tens of billions of email messages, millions of malicious
websites, penetration tests, telemetry from security technologies
distributed across the globe and industry-leading security research.

To download a complimentary copy of the 2017 Trustwave Global Security Report, visit: https://www.trustwave.com/gsr/.