Trustwave released the 2018 Trustwave Global Security Report which reveals the top security threats, breaches by industry, and cybercrime trends from 2017. The report is derived from the analysis of billions of logged security and compromise events worldwide, hundreds of hands-on data-beach investig>
Help Net Security
Although slightly down from the previous year, North America still leads in data breaches investigated by Trustwave at 43% followed by the Asia Pacific region at 30%, Europe, Middle East and Africa (EMEA) at 23% and Latin America at 4%. The retail sector suffered the most breach incidences at 16.7% followed by the finance and insurance industry at 13.1% and hospitality at 11.9%. Half of the incidents investigated involved corporate and internal networks (up from 43% in 2016) followed by e-commerce environments at 30%. Incidents impacting point-of-sale (POS) systems decreased by more than a third to 20% of the total. In corporate network environments, phishing and social engineering at 55% was the leading method of compromise followed by malicious insiders at 13% and remote access at 9%. One hundred percent of web applications tested displayed at least one vulnerability with 11 as the median number detected per application. 85.9% of web application vulnerabilities involved session management allowing an attacker to eavesdrop on a user session to commandeer sensitive information. Cross-site scripting (XSS) was involved in 40% of attack attempts, followed by SQL Injection (SQLi) at 24%, Path Traversal at 7%, Local File Inclusion (LFI) at 4%, and Distributed Denial of Service (DDoS) at 3%. Although 30% of malware examined used obfuscation to avoid detection and bypass first line defenses, 90% used persistence techniques to reload after reboot. Of great concern is a marked increase at 9.5% in compromises targeting businesses that provides IT services including web-hosting providers, POS integrators and help-desk providers. The median time between intrusion and detection for externally detected compromises was 83 days in 2017, a stark increase from 65 days in 2016. Median time between intrusion and detection for compromises discovered internally however, dropped to zero days in 2017 from 16 days in 2016, meaning businesses discovered the majority of breaches the same day they happened. Down from the previous year, payment card data at 40% still reigns supreme in terms of data types targeted in a breach. The figure is split between magnetic stripe data at 22% and card-not-present (CNP) at 18%. The number of vulnerabilities patched in five of the most common database products was 119, down from 170 in 2016. Fifty three percent of computers with SMBv1 enabled were vulnerable to MS17-010 âETERNALBLUEâ exploits used to disseminate the WannaCry and NotPetya ransomware attacks.
Link: https://www.helpnetsecurity.com/2018/04/06/2018-trustwave-global-security-report/