Retail industry worst hit by cyber attacks
Cyber attacks in the retail sector are becoming more organised and structured, according to analysis of threat intelligence and breach incidents by Trustwave.
While 2017 saw improvement in areas such as intrusion to detection, there was also increased sophistication in malware obfuscation, social engineering tactics and advanced persistent threats.
The 2018 Trustwave Global Security Report was derived from analysis of billions of logged security and compromise events worldwide, hundreds of hands-on data-beach investigations and internal research.
The retail sector suffered the most breach incidences, at 16.7 per cent, followed by the finance and insurance industry at 13.1 per cent, and hospitality at 11.9 per cent.
Half of the incidents investigated involved corporate and internal networks (up from 43 per cent in 2016) followed by e-commerce environments at 30 per cent. Incidents impacting point of sale systems decreased by more than a third to 20 per cent of the total – reflecting increased attack sophistication and targeting of larger service providers.
In corporate network environments, phishing and social engineering was the leading method of compromise (55 per cent), followed by malicious insiders at 13 per cent and remote access at 9 per cent.
The report also found that payment card data remains the primary source of cyber fraud, representing 40 per cent of total incidents in 2017.
Of that 40 per cent, card-track (magnetic stripe) data made up 22 per cent and card-not-present, which is mostly used in e-commerce transactions, accounted for 18 per cent. This is a significant decline from 2016, when attackers targeted card data in almost two thirds of incidents. But at the same time, there is a rise in incidents targeting cash (11 per cent), mostly due to fraudulent ATM transaction breaches enabled by vulnerable account management systems at financial institutions.
Trustwave expressed concern over a marked increase (up 9.5 per cent) in compromises targeting businesses that provide IT services - including web-hosting providers, PoS integrators and help-desk providers - as compromise of just one provider opens the gates to a multitude of new targets.
“Our 2017 threat intelligence and investigations, along with a retrospective view of the last ten years has unequivocally exposed cybercriminals and their attacks are becoming more methodical and organised,” stated Steve Kelley, chief marketing officer at Trustwave.