Cyber crime is an increasingly serious business and a new report released by Trustwave looks at the top trends from the past year based on real-world data from data breach investigations.
Key findings from the report include that 97 per cent of applications tested by Trustwave in 2015 had at least one vulnerability. In addition, 10 per cent of the vulnerabilities discovered were rated as critical or high risk.
Retail is the industry most commonly targeted by cyber criminals, accounting for 23 per cent of Trustwave investigations, followed by hospitality at 14 per cent and food and beverage at 10 per cent. The findings show that eCommerce breaches accounted for 38 per cent of investigations, compared to 42 per cent in 2014. Twenty-two per cent were point-of-sale (POS) breaches. The Magento open source platform accounted for 85 per cent of eCommerce breaches. At least five critical Magento vulnerabilities were identified in 2015, and most of the affected systems weren't fully updated with security patches.
In 60 per cent of investigations, attackers were after payment card data, split about evenly between card track (magnetic stripe) data (31 per cent of incidents), which came mainly from POS environments, and card-not-present data (29 per cent), which mostly came from eCommerce transactions.
"Cyber criminals have been congregating and organising for years, but 2015 showed a marked increase in the behaviour we would normally associate with legitimate businesses," says Trustwave chief executive officer and president Robert J McCullen. "Based on the study of numerous security incidents, exploit kits and malvertising campaigns, our 2016 Trustwave Global Security Report shows businesses how and where these sophisticated criminal organisations are most likely to attack, and more importantly, how to defend their assets".
Other findings include a shift in spam subjects. In 2015, the portion of pharmaceutical spam dropped dramatically, to 39 per cent from almost 75 per cent the previous year, which was still enough to make it the largest share of any category. Spam related to online dating sites and adult products made a combined five-fold leap from six per cent in 2014 to 30 per cent in 2015. Five per cent of overall spam included a malicious attachment or link, a one-point decrease from 2014.
You can see more findings in the full report, which is available to download from the Trustwave website.