As organisations move to cloud environments and embark on digital transformation projects, cybersecurity threats are becoming more pervasive and attacks are becoming more targeted, according to a new report from Trustwave.
The 2020 Trustwave Global Security Report highlights key trends around cybercriminal activity and success rates, looking at specific technology, methods, industries and scams.
Attacks on cloud services have more than doubled. Corporate environments continue to lead all environments targeted by cybercriminals at 54%, slightly down 2%, followed by eCommerce at 22%, down 5%, when compared to 2018.
Cloud services also saw the biggest increase and are now the third most targeted environment, accounting for 20% of investigated incidents, up significantly from 7% the previous year, Trustwave finds.
When it comes to methods, social engineering remained the top mode of compromise in 2019. In fact, half of all incidents investigated by Trustwave analysts were the result of phishing or other social engineering tactics, up from 33% in 2018.
To make up for lost revenue, cybercriminals stepped up social engineering efforts by sending fake update messages for browsers, operating systems and other software to trick users into installing malware, Trustwave states.
Ransomware incidents overtook payment card data when comparing types of information most targeted by cybercriminals. The monetary return of encrypting specific computer files or entire systems and demanding payment accounted for 18% of breach incidents observed in 2019, up from 4% in 2018.
By comparison, the success of ransomware was slightly higher than the total percentage of incidents involving card-not-present and track data at 17%.
Meanwhile, findings show a notable decrease in the volume of spam email targeting organisations from 45.3% in 2018 to 28.3% in 2019. Trustwave states this is due to several large spamming operations reducing activities or vanishing altogether.
Of the spam analysed in 2019 by Trustwave, only 0.2% contained malware, down from 6% the previous year. This decrease, although positive, supports findings that cybercriminals are shifting tactics, opting for more targeted and personal email attacks known as Business Email Compromise (BEC), Trustwave states.
In 2019, the analysts saw the volume of BEC messages captured at the gateway rise to an average of 60 messages per day, up from 20 messages the previous year.
Also in the realm of malware, downloaders, at 24.9%, made a significant jump as the largest single category of malware encountered, up from 13% in 2018.
The increase can be attributed to an uptick in malware-as-a-service bots such as Emotet, Trustwave states. Criminals often use downloaders and droppers in multi-stage attacks to install additional malware varieties.
Database information disclosure vulnerabilities also increased. Trustwave finds that the number of vulnerabilities patched in five of the most common database products was 202, up from 148 in 2019.
Of those patched, 118 allowed denial of service (DoS) attacks, followed by information disclosure at 28, up from 15 in 2018.
When looking at specific systems, 69% of malware investigated by Trustwave targeted the Windows operating system, followed by cross-platform at 23% and Unix at 8%. Of the exploited vulnerabilities observed, the top two, at 61% when combined, allowed remote code execution.
Furthermore, 67% of exploits used against service providers involved CVE-2014-0780, giving remote attackers the ability to read administrative passwords in app files and execute arbitrary code in unspecified web requests.
Attacks from Magecart, a loose affiliation of cybercriminal groups who target eCommerce sites, often through the Magento platform, accounted for nearly 6% of overall Trustwave investigations in 2019, up from zero instances four years ago.
Retail and hospitality have been hardest hit as cybercriminals pivot from targeting point-of-sale (POS) terminals, due to implementation of Europay, MasterCard and Visa (EMV) chip technology, to targeting online storefronts.
Finally, for a second consecutive year, the Asia-Pacific region led in the number of data compromises investigated, accounting for 37% of instances, up 2% from 2018 and 7% from 2017. North America followed at 33%, slightly rising 3% from 2018; Europe, Middle East and Africa came in third at 25% and Latin America and Caribbean (LAC) at 4%.
The retail sector led the number of incidents at 24%, jumping 6% compared to 2018. The financial industry came in second at 14% and hospitality third at 13%, up 3% since 2018.
On the prevention side, Trustwave notes that internal detection is crucial for reducing threat response time. According to the analysts, the median time from threat intrusion to detection, when detected internally, dropped to just two days, down from 11 days in 2018.
The median time from threat intrusion to detection when detected externally by a third party, however, rose significantly to 86 days from 55 days just a year ago.
Trustwave chief executive officer Arthur Wong says, “Our 2019 findings depict organizations under tremendous pressure contending with adversaries who are methodical in selecting their targets and masterful at finding new pathways into environments as the attack surface widens.
“We continue to see the global threat landscape evolve through novel malware delivery, inventive social engineering and the ways malicious behaviors are concealed. How fast threats are detected and eliminated is the top cybersecurity priority in every industry.”
The report is based on the analysis of a trillion logged security and compromise events, hundreds of hands-on data-breach and forensic investigations, penetration tests and red teaming exercises, network vulnerability scans and internal research.
Trustwave experts gathered and analysed real-world data from hundreds of breach investigations that the company conducted in 2019 across 16 countries.