Trustwave today released the 2020 Trustwave Global Security Report, which reveals the top security threats, breaches by industry and cybercrime trends from 2019.
"Our 2019 findings depict organizations under tremendous pressure contending with adversaries who are methodical in selecting their targets and masterful at finding new pathways into environments as the attack surface widens," said Arthur Wong, chief executive officer at Trustwave. "We continue to see the global threat landscape evolve through novel malware delivery, inventive social engineering and the ways malicious behaviors are concealed. How fast threats are detected and eliminated is the top cybersecurity priority in every industry."
The report is based on the analysis of a trillion logged security and compromise events, hundreds of hands-on data-breach and forensic investigations, penetration tests and red teaming exercises, network vulnerability scans and internal research.
Key findings from the 2020 Trustwave Global Security Report include:
- Attacks on cloud services more than double -- Corporate environments continue to lead all environments targeted by cybercriminals at 54%, slightly down 2%, followed by e-commerce at 22%, down 5% when compared to 2018. Cloud services saw the biggest increase and are now the third most targeted environment, accounting for 20% of investigated incidents, up significantly from 7% the previous year.
- Social engineering reigns supreme in method of compromise -- Social engineering remained the top method of compromise in 2019. Half of all incidents investigated by Trustwave analysts were the result of phishing or other social engineering tactics, up from 33% in 2018.
- Ransomware overtakes payment card data in breach incidents -- For the first time, ransomware incidents overtook payment card data when comparing types of information most targeted by cybercriminals. The quick monetary return of encrypting specific computer files or entire systems and demanding payment accounted for 18% of breach incidents observed in 2019, up from 4% in 2018. By comparison, the success of ransomware was slightly higher than the total percentage of incidents involving card-not-present and track data, at 17%.
- Malware-laden spam drops to nearly zero -- Findings show a large decrease in the volume of spam email hitting organizations, from 45.3% in 2018 to 28.3% in 2019, due to several large spamming operations reducing activities or vanishing altogether. Of the spam analyzed in 2019 by Trustwave, only 0.2% contained malware, down from 6% the previous year. This decrease, although positive, supports findings that cybercriminals are shifting tactics, opting for more targeted and personal email attacks known as Business Email Compromise (BEC). In 2019, Trustwave saw the volume of BEC messages captured at the gateway rise to an average of 60 messages per day, up from 20 messages the previous year.
- Malware capabilities and delivery evolve -- Downloaders, the largest single category of malware encountered at 24.9%, made a significant jump, up from 13% in 2018. The increase can be attributed to an uptick in "malware-as-a-service" bots such as Emotet. Criminals often use downloaders and droppers in multi-stage attacks to install additional malware varieties.
- Database information disclosure vulnerabilities increase -- The number of vulnerabilities patched in five of the most common database products was 202, up from 148 in 2019. Of those patched, 118 allowed denial of service (DoS) attacks, followed by information disclosure at 28, up from 15 in 2018.
- Cryptojacking nearly vanishes from web-based attacks -- The 1,250% surge of cryptojacking malware observed in 2018, used to place JavaScript coin miners on websites or infect carrier-grade routers, all but vanished in 2019 after cryptomining service Coinhive shut down. To make up for lost revenue, cybercriminals stepped up social engineering efforts by sending fake update messages for browsers, operating systems and other software to trick users into installing malware.
- Internal detection crucial for reducing threat response time -- The median time from threat intrusion to detection, when detected internally, dropped to just two days, down from 11 days in 2018. The median time from threat intrusion to detection when detected externally by a third party, however, rose significantly to 86 days from 55 days just a year ago.
- Windows and remote code execution favored -- Sixty-nine percent of malware investigated by Trustwave targeted the Windows operating system, followed by cross-platform at 23% and Unix at 8%. Of the exploited vulnerabilities observed, the top two, at 61% when combined, allowed remote code execution. Surprisingly, 67% of exploits used against service providers involved CVE-2014-0780, giving remote attackers the ability to read administrative passwords in app files and execute arbitrary code in unspecified web requests.
- Magecart gains prominence -- Attacks from Magecart, a loose affiliation of cybercriminal groups who target e-commerce sites, often through the Magento platform, accounted for nearly 6% of overall Trustwave investigations in 2019, up from zero instances four years ago. Retail and hospitality have been hardest hit as cybercriminals pivot from targeting point-of-sale (POS) terminals, due to implementation of Europay, MasterCard and Visa (EMV) chip technology, to targeting online storefronts.
- Asia Pacific and retail top data breach incidents -- For a second consecutive year, the Asia-Pacific region led in the number of data compromises investigated, accounting for 37% of instances, up 2% from 2018 and 7% from 2017. North America followed at 33%, slightly rising 3% from 2018; Europe, Middle East and Africa came in third at 25% and Latin America & Caribbean (LAC) at 4%. The retail sector led the number of incidents at 24%, jumping 6% compared to 2018. The financial industry came in second at 14% and hospitality third at 13%, up 3% since 2018.
To download a complimentary copy of the 2020 Trustwave Global Security Report, visit:
https://www.trustwave.com/en-us/resources/library/documents/2020-trustwave-global-security-report/.