Trustwave Reveals Increase in Retailer, Mobile Devices and E-Commerce Cyber Attacks

By Peter Bernstein February 14, 2013

In light of all of the attention now focused on cyber threats thanks to President Obama’s recent Executive Order, and a seemingly unending stream of news about the growth of denial of service attacks and other types of hacks and security breaches, we are starting to get some interesting quantification about various security issues. The latest is a report from Trustwave, a leading provider of cloud-based compliance and information security solutions, which has released the key results from its 2013 Trustwave Global Security Report.

The report highlights details and trends from more than:

  • 450 global data breach investigations,
  • 2,500 penetration tests,
  • Nine million Web application attacks,
  • Two million network and vulnerability scans,
  • Five million malicious websites, and
  • 20 billion e-mails.

It is also based on extensive research and analysis of zero-day security threats. This is real data, analyzed by industry experts at the company and noted surveys. 

Sobering developments on the targeting front

At the risk of being the bearer of some not-so-great news, the findings from this year’s analysis should raise the antenna of quite a few companies in critical industries. For example:

  • The retail industry is now the top target for cyber-criminals, making up 45 percent of Trustwave data breach investigations (a 15 percent increase from 2011), with e-commerce attacks emerging as a growing trend surpassing the amount of point-of-sales attacks.
  • Mobile malware increased 400 percent, with malware found on Android devices growing from 50,000 to more than 200,000 samples.
  • Of three million user passwords analyzed, 50 percent of business users are still using easily-guessed passwords, the most common being “Password1”.
  • Nearly every industry, country and type of data was involved in a breach of some kind with cyber-security threats increasing as quickly as businesses can implement measures against them.

“Cyber-criminals will never stop trying to compromise systems to obtain valuable information such as customer and private user data, corporate trade secrets and payment card information,” said Robert J. McCullen, Chairman, CEO and president of Trustwave. “This year’s Global Security Report pulls back the curtain revealing how breaches happen and how potential victims around the world can protect themselves so that they stay one step ahead and eliminate potential security threats. After reading this report, businesses and government agencies will be one step closer to building a comprehensive security strategy to reduce risk, protect data and safeguard their reputation.”

The bad guys have been active

The final report will run roughly 70 pages, but Trustwave has put out a rather extensive and thought-provoking summary of the highlights that need to be carefully considered and are good reason to get the full report when it is available. These include:

  • Applications were the most popular attack vector. E-commerce sites were the number one targeted asset accounting for 48 percent of all investigations.
  • 64 percent of organizations attacked took more than 90 days to detect an intrusion with the average time for detection being 210 days -- 35 days longer than in 2011.
  • 5 percent took more than three years to identify the criminal activity.
  • Most victim organizations still rely on third parties, customers, law enforcement or a regulatory body to notify them a breach has occurred – a worldwide security problem.
  • Employees leave the door open to further attacks for a variety of reasons, in many cases non-malicious.
  • Attacks were discovered in 29 different countries. The largest percentage, 34.4 percent, originated in Romania.
  • Spam volume shrank in 2012 but still represents 75.2 percent of a typical organization’s inbound e-mail and roughly 10 percent of spam messages are malicious.
  • 63 percent of investigations revealed that a third party responsible for system support, development or maintenance introduced security deficiencies easily exploited by hackers.
  • The two most noteworthy methods of intrusion, SQL injection and remote access, made up 73 percent of the infiltration methods used by criminals in 2012.
  • Out of the 450 cases investigated in 2012, about 40 variations of malware were found.
  • Trustwave attributed the 40 unique types of malware to six criminal groups. Three criminal teams caused the majority of payment of service credit card breaches.  Russia and the U.S. are the largest contributors when it comes to malware attacks making up 39.4 percent and 19.7 percent of hosted malware, respectively.

“Businesses should take a step back and re-evaluate their security posture,” added McCullen.  “All developers, particularly in the e-commerce industry, should implement a full lifecycle security plan that includes thoroughly educating themselves and their employees, equipping themselves with the best tools to protect themselves against attacks and making sure they are using the most reliable resources for zero day detection.”

As a result of its findings, Trustwave has six security recommendations for this year:

1. Educate employees
2. Identify users
3. Register assets
4. Protect data
5. Unify activity logs
6. Visualize events

Much of this is just common sense and good practice since you don’t know what can hurt you until you know what you have that can be hurt. That said, the last two items are important. The unification of activity logs across an enterprise from siloed databases is on a smaller scale what the executive order is attempting to do for homeland security, i.e., share data. That is actually a good segue into the visualization of events recommendation. Security must not be just about being reactive; in a real-time world where the frequency and sophistication of attacks are increasing, having what the military calls “situational awareness” is also important. It allows enterprises to be not just more responsive when under attack but proactive in anticipating and preparing for what might come.

The 2013 Trustwave Global Security Report will be available to the public prior to the RSA Conference in San Francisco, February 25. You can sign up to receive a complimentary digital copy of the report when it becomes generally available at:

Edited by Rich Steeves