A look at cybercrime, data breach and security threat trends from 2015 demonstrates that criminals are indeed creatures of habit.
According to the Trustwave 2016 Global Security Report, which analyzes results of Trustwave security investigations during 2015, retail was the most targeted industry for data breaches. Twenty-three percent of Trustwave data breach investigations involved retailers. North America was the most popular geographic location for cyberattacks, with 35% of all Trustwave investigations occurring on the continent.
When it comes to e-commerce breaches, hackers have a preferred target. Eighty-five percent of compromised e-commerce systems used the Magento open-source platform. According to Trustwave, at least five critical Magento vulnerabilities were identified in 2015, and most of the affected systems were not fully updated with security patches.
The total percentage of Trustwave investigations represented by e-commerce breaches dipped to 38% from 42% the prior year. POS breaches fell dramatically to 22% of total investigations, down from 40% in 2014.
The year 2014 may have been a watershed for POS attacks, which had risen from a 33% share of all breaches in 2013. Chain Store Age believes industry response to several high-profile POS breaches in 2013 and 2014, as well as the beginning of the move toward EMV chip card compliance in 2015, may have helped reduce the number of cyberattacks focusing on POS systems.
However, compromises affecting corporate and internal networks more than doubled to 40% in 2015, up from 18% in 2014.
Hackers also had a clear favorite type of data they attempted to steal in breaches. In 60% of investigations, attackers were after payment card data. Efforts were split about evenly between card track (magnetic stripe) data (31% of incidents), which came mainly from POS environments, and card-not-present (CNP) data (29%), which mostly came from e-commerce transactions.
The majority of victims, 59%, did not detect breaches themselves. Still, self-detection increased dramatically, from 19% in 2014 to 41% in 2015. The report reveals that self-detection leads to quicker containment of a breach. In 2015, for self-detected breaches, a median of 15 days elapsed from intrusion to containment. For breaches detected by an external party, a median of 168 days elapsed from intrusion to containment.
The study also indicated a pervasive issue with weak application security. Almost all (97%) applications tested by Trustwave in 2015 had at least one vulnerability. Ten percent of the vulnerabilities discovered were rated as critical or high risk. The median number of vulnerabilities discovered per application by the Trustwave Managed Security Testing service was 14.
Trustwave gathered real-world data from hundreds of breach investigations the company conducted in 2015 across 17 countries. This data was added to billions of daily logged security and compliance events, evaluation of tens of billions of email messages, analysis of tens of millions of web transactions, thousands of web application security scans and penetration tests, telemetry from security technologies distributed across the globe, and security research.