A global report analysing cyber crime trends has revealed that attacks are more often pre-planned and malware has grown more sophisticated – but threat detection has improved.
The troubling results were published in Trustwave’s annual Global Security Report, which looked back on 10 years of trends in cybersecurity.
For this report, Trustwave analysed billions of security scans and web transactions within 21 compromised locations across the globe.
It found that over a quarter (26%) of spam now contains malware – 90% of which uses reload-after-reboot techniques that make remediation difficult.
By contrast, the overall volume of email spam has declined. In 2008, 85% of all inbound email was spam; in 2017 this dropped to 39%, but 26% of this spam still contained malware.
Phishing and social engineering were the most common methods of attack, responsible for over half (55%) of compromises in the workplace.
PDF files are also gaining traction as a delivery method for phishing, as the victim is lured into clicking a fraudulent link in the PDF.
This shows how human error remains the greatest hurdle for corporate cybersecurity teams. The social engineering scam “CEO fraud”, which encourages executives to authorise fraudulent money transactions, is becoming increasingly common.
The report also found that 100% of the web applications it looked into contained at least one vulnerability, with a median of 11 vulnerabilities. Of these, 8% were classified as critical or high risk.
Steve Kelley, Chief Marketing Officer at Trustwave, said their threat intelligence and investigations have unequivocally exposed that cybercriminals and their attacks are becoming more methodical.
“As long as cybercrime remains profitable, we will continue to see threat actors quickly evolving and adapting methods to penetrate networks and steal data. Security is as much a ‘people’ issue as it is a technology issue. To stay on par with determined adversaries, organizations must have access to security experts who can think and operate like an attacker while making best use of the technologies deployed,” he added.
Vulnerabilities in general have increased rapidly since 2012, complete with a dramatic spike in 2017. One of the reasons behind this is that over the last decade the number of people using the internet has doubled.
Vulnerabilities mean that companies are more exposed to attacks, which have also become more targeted rather than opportunistic over the years.
Many breach incidents show signs of careful preplanning by cybercriminals probing for weak packages and tools to exploit. Cross-site scripting (XSS) was involved in 40% of attack attempts, followed by SQL Injection (SQLi) at 24%, Path Traversal at 7%, Local File Inclusion (LFI) at 4%, and Distributed Denial of Service (DDoS) at 3%.
In terms of malware, the most common traits were persistence techniques to reload after a reboot (90%) and obfuscation to avoid detection and bypass first-line defenses (30%). Trustwave also found that over half (53%) of the computers it sampled were vulnerable to the same exploits that were used to perpetrate the widespread WannaCry and NotPetya ransomware attacks.
Retail was the most affected industry (17%), and the largest share (40%) of breaches targeted payment card data – a trend that has remained consistent over the past decade.
Surprisingly, incidents targeting hard cash are also on the rise at 11%. This is mostly due to fraudulent ATM transaction breaches at banks.
Alongside cash fraud, cryptocurrencies have opened a new avenue in security threats, too.
The same characteristics that have made bitcoin and other cryptocurrencies so popular with investors have also made them popular with cybercriminals.
This is because the transactions are anonymous, proof of ownership is basic and the currencies are not government controlled. Around $15bn in cryptocurrencies was stolen from exchanges between 2012 and 2017.
Overall, this report reveals that attacks are on the rise, and are becoming more organised and structured thanks to an increasingly digital landscape and sophisticated tech.