Cyber criminals are refining their social engineering tactics to aim at specific targets, Trustwave, a Top 100 managed security service provider (MSSP) for 2018, said in its newly released Global Security Report.
In both cloud and point-of-sale (POS) environments, 60 percent of attacks the MSSP investigated were related to social engineering. The hacking method was similarly involved in nearly 50 percent of corporate and internal network breaches. Bad actors have also gotten better at confusing and misdirecting security defenders, the report said. Of note, threat response time improved dramatically with defenders identifying and containing intrusions far more quickly than last year.
To compile the analysis, Trustwave said it relied on "billions of logged security and compromise events worldwide, hundreds of hands-on data-breach and forensic investigations, manual penetration tests, network vulnerability scans and internal research."
10 Key Cybersecurity Research Findings
Key findings from the report, which Trustwave calls a "ticket into the criminal mind," include:
1. Where, how many? The Asia-Pacific region led in the number of data compromises investigated, accounting for 35% of instances. North America accounted for 30%, down from 43% in 2017. EMEA came in third at 27%, followed by Latin America & the Caribbean at 8%.
2. What industries? Retail experienced the highest number of incidents at 18%. The finance sector came in second at 11% and hospitality third at 10%, down slightly from 13% and 12%, respectively, the previous year.
3. On spam. Spam messages containing malware shrank to 6% in 2018 from 26% in 2017, which Trustwave attributed to shorter, more regional campaigns from the malicious spamming botnet Necurs.
4. On malware. The largest single category of malware was downloaders at 13%, down slightly from last year. Remote access Trojans at 10% and web shells at 8% were the second and third most common types of malware. Two-thirds of malware used obfuscation to avoid detection, up from 30% last year.
5. On vulnerabilities. The number of vulnerabilities patched in five of the most common database products was 148, up from 119 in 2017. At 62%, denial-of-service (DoS) vulnerabilities used primarily for disruption accounted for the most vulnerabilities discovered across all major platforms in 2018. Information disclosure and privilege-escalation vulnerabilities together accounted for about 17% of patching incidents.
6. On social engineering. Social engineering was the top method of compromise in 2018 in every environment analyzed other than e-commerce. In both cloud and POS environments, 60% of breach investigations attributed the initial point of entry to successful social engineering. The share in corporate and internal environments was slightly lower yet still significant at 46%.
7. On payment cards. Payment card data was the type of information cybercriminals most coveted, accounting for 36% of breach incidents.
8. On threat response time. The median time from threat intrusion to containment fell to 27 days, from 67 days in 2017. The median time between intrusion and detection for externally detected compromises fell to 55 days, down from 83 days in 2017.
9. On web-based attacks. A steep year-over-year increase of 1,250% was observed in cryptojacking malware, which was almost non-existent in 2017. In 97% of the 2,585 websites observed that were known to be compromised, the now-defunct Coinhive miner was preferred.
10. On web applications. For a second straight year, 100% of web applications tested possessed at least one vulnerability, with the median number of vulnerabilities rising to 15, up from 11 in 2017. Of more than 45,000 vulnerabilities discovered by Trustwave penetration testers, 80% were classified as low risk, with the remaining 20% deemed medium to critical.
Bonus - On risk. Fifty-seven percent of the incidents involved corporate and internal networks, up from 50% in 2017. E-commerce environments accounted for 27%. Incidents impacting POS systems decreased by more than half to 9% of the total occurrences.