Data Breach Threat Intelligence By The Numbers

Common Mistakes Lead To Breaches

Employee mistakes are leading to some of the most serious data breaches at e-commerce companies and other firms targeted by financially motivated cybercriminals, according to the Trustwave Global Threat Report. The report, due out Feb. 20, analyzed about 450 data breach cases its computer forensics team investigated in 2012.

Retail Made Up Most Breaches

For the first time, the retail industry made up 45 percent of Trustwave data breach investigations, representing a 15 percent increase from 2011. E-commerce websites were the No. 1 target, accounting for almost half of its data breach investigations. Attacks on those websites surpassed the number of attacks targeting point-of-sale systems.

Weak Passwords, Poor Patching Led To Breaches

Basic security measures are still not in place, Trustwave said. Employees often pick weak passwords, share too much company information on social networks and other public platforms and have a penchant for clicking on links in email messages, the study found. "Password1" is the most common password, according to Trustwave. Of three million user passwords analyzed, 50 percent are using the bare minimum.


SQL Injection, Remote Access Common Targets

Attackers are continuing to use old-school methods to gain access to corporate systems and steal sensitive data. SQL injection and remote access made up 73 percent of the infiltration methods used by criminals in 2012. Roughly 40 malware variants were discovered on corporate systems, attributable to about six criminal groups. Three criminal teams made up the majority of credit card breaches.

Black Hole Exploit Toolkit, Memory Scraping Malware

The Black Hole automated attack toolkit was used in more than 70 percent of all client-side attacks, Trustwave said. Attackers used memory-scraping malware to probe system memory and steal sensitive data in about 50 percent of investigations where malware had data collection functionality, Trustwave said. Attackers used malicious PDF files targeting Adobe Reader vulnerabilities in 61 percent of all client-side attacks in 2012.

Third-Party IT Operations Contributed To Breaches

The firm said outsourced, third-party IT operations contributed to some breaches, introducing security deficiencies easily exploited by hackers. Remote access tools are commonly used by remote IT operations. Third parties were responsible for system support, development and maintenance in 63 percent of investigations conducted by the Trustwave forensics team.

Breach Detection Took Months

Breach detection has also been an issue, with 64 percent of organizations discovering an intrusion more than 90 days after the initial breach. The average time of detection was 210 days, 35 days longer than in 2011, Trustwave said. "Most victim organizations still rely on third parties, customers, law enforcement or a regulatory body to notify them a breach has occurred -- a worldwide security problem," according to the report.