Malware attacks give criminals 1,425% return on investment

Trustwave released a new report which reveals the top cybercrime, data breach and security threat trends from 2014. They gathered the data from 574 breach investigations the SpiderLabs team conducted in 2014 across 15 countries in addition to threat intelligence gleaned from the companys global SOCs, security scanning and penetration testing results, telemetry from security technologies and security research.

Key highlights:

Return on investment: Attackers receive an estimated 1,425 percent return on investment for exploit kit and ransomware schemes ($84,100 net revenue for each $5,900 investment).

Weak application security: 98 percent of applications tested by Trustwave in 2014 had at least one vulnerability. The maximum number of vulnerabilities Trustwave experts found in a single application was 747. The median number of vulnerabilities per application increased 43 percent in 2014 from the previous year.

The password problem: Password1 was still the most commonly used password. 39 percent of passwords were eight characters long. The estimated time it took Trustwave security testers to crack an eight-character password was one day. The estimated time it takes to crack a ten-character password is 591 days.

Where victims reside: Half of the compromises Trustwave investigated occurred in the United States (a nine percentage point decrease from 2013).

Who criminals target: Retail was the most compromised industry making up 43 percent of Trustwaves investigations followed by food and beverage (13 percent) and hospitality (12 percent).

Top assets compromised: 42 percent of investigations were of e-commerce breaches. Forty percent were of point-of-sale (POS) breaches. POS compromises increased seven percentage points from 2013 to 2014, making up 33 percent of Trustwaves investigations in 2013 and 40 percent in 2014. E-commerce compromises decreased 13 percentage points from 2013 to 2014.

Data most targeted: In 31 percent of cases Trustwave investigators found attackers targeted payment card track data (up 12 percentage points over 2013). Track data is the information on the back of a payment card thats needed for an in-person transaction. Twenty percent of the time attackers sought either financial credentials or proprietary information (compared to 45 percent in 2013) meaning attackers shifted their focus back to payment card data.

Lack of self-detection: The majority of victims, 81 percent, did not detect breaches themselves. The report reveals that self-detection leads to quicker containment of a breach. In 2014, for self-detected breaches, a median of 14.5 days elapsed from intrusion to containment. For breaches detected by an external party, a median of 154 days elapsed from intrusion to containment.

How criminals break in: Weak remote access security and weak passwords tied as the vulnerability most exploited by criminals in 2014. Weak remote access security or weak passwords contributed to 94 percent of POS breaches.

Spam on the decline: Spam volume continues to decrease making up 60 percent of total inbound mail (compared to 69 percent in 2013 and more than 90 percent at its peak in 2008), but six percent of it included a malicious attachment or link, a slight increase from 2013.

After a review of the entire report, Steven Russo, Executive Vice President of CertainSafe believes that it is not a matter of if a foreign actor can get into a system, but when, and how long it takes to identify that a breach occurred.

“After digesting the core of the report it is clear that something needs to change. The clear definition of the insanity in cyber today is that we continue to protect sensitive data the same way over and over again and expect a different result. I do not think there do be any doubt in that current methods are simply not good enough and something needs to change. The ever present threat of cyber-attack underscored by the recent array of mass-data breaches in most sectors of the economy are forcing business of all sizes to take action. The current need is for new ways to secure data at rest and data in motion from cyber-attack, mass data loss, and internal as well as external criminal exploitations,” Russo added.”