CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway. Learn More

Request a Demo

CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway. Learn More

Request a Demo
Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

View All Trustwave Services
Solutions
BY INDUSTRY
BY REGULATION
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
We reduce cyber risk and fortify organizations
Awards and Accolades
Recognition by analysts and media outlets
Trustwave SpiderLabs Team
Global researchers, ethical hackers, and responders
Trustwave Fusion Security Operations Platform
Unprecedented security visibility and control
Trustwave Security Colony
Access to cybersecurity threat protection resources
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Register
Login
Resources
BLOGS
UPCOMING
MEDIA & ASSETS
NOTICES
HELP
News Releases

New Trustwave Report Examines Cybercrime as a Business Model

April 19, 2016

2016 Trustwave Global Security Report Details Methods Cybercrime Organizations Use to Maximize Profits from Malicious Attacks

CHICAGO - April 19, 2016 -- Trustwave® today released the 2016 Trustwave Global Security Report which reveals the top cybercrime, data breach and security threat trends from 2015. The report reveals how criminals make use of malware-as-a-service, which data they target, the most common attack methods, how long it takes for businesses to detect and contain data breaches, what types of businesses criminals targeted, and where the majority of victims were located. It also reveals the most commonly used exploits, most prevalent malware families and more.

Key highlights from the 2016 Trustwave Global Security Report include:

  • Weak application security: 97 percent of applications tested by Trustwave in 2015 had at least one vulnerability. 10% of the vulnerabilities discovered were rated as critical or high risk. The median number of vulnerabilities discovered per application by the Trustwave Managed Security Testing service was 14.
  • Where security incidents occur: 45 percent of data breach investigations conducted by Trustwave occurred in North America, 27 percent were in the Asia-Pacific Region, 15 percent were in Europe, the Middle East and Africa, and 13 percent were in Latin America and the Caribbean.
  • Who criminals target: Retail was the most compromised industry, making up 23 percent of Trustwave investigations, followed by hospitality at 14 percent and food and beverage at 10 percent.
  • Shift in compromised environments:  Compromises affecting corporate and internal networks increased to 40 percent in 2015, up from 18 percent in 2014. 38 percent of investigations were of e-commerce breaches, compared to 42 percent in 2014. Twenty-two percent were of point-of-sale (POS) breaches. POS compromises decreased eighteen percentage points from 2014 to 2015, making up 40 percent of Trustwave investigations in 2014 and 33 percent in 2013.
  • Magento is a target: 85% of compromised e-commerce systems used the Magento open-source platform. At least five critical Magento vulnerabilities were identified in 2015, and most of the affected systems were not fully updated with security patches.
  • Data most targeted: In 60% of investigations, attackers were after payment card data, split about evenly between card track (magnetic stripe) data (31 percent of incidents), which came mainly from POS environments, and card-not-present (CNP) data (29 percent), which mostly came from e-commerce transactions.
  • Self-detection of breaches: The majority of victims, 59 percent, did not detect breaches themselves. The report reveals that self-detection leads to quicker containment of a breach. Self-detection increased from 19% in 2014 to 41% in 2015. In 2015, for self-detected breaches, a median of 15 days elapsed from intrusion to containment. For breaches detected by an external party, a median of 168 days elapsed from intrusion to containment.
  • Malvertising goes mainstream: The Trustwave analysis of the RIG exploit kit, the most prominent exploit kit of 2014 and the third most prominent in 2015, shows that approximately 90 percent of traffic to the kit originates from malicious advertisements. Even some of the largest ad networks have been misused by attackers to spread malware to unsuspecting users visiting popular websites.
  • The Year of Angler: Angler, the most prevalent exploit kit of 2015, accounted for 40 percent of exploit kit-related incidents we observed, more than twice as many as the next most prevalent kit, Nuclear. Angler was also the first exploit kit to integrate several newly disclosed exploits, including four zero-day exploits and seven "one-day" exploits, which target vulnerabilities for which patches have been released but have not yet been widely distributed.
  • Shifting spam subjects: In 2014, pharmaceutical product spam made up almost three-fourths of the spam messages Trustwave analyzed. In 2015, that portion dropped dramatically, to 39 percent, which was still enough to make it the largest share of any category. Spam related to online dating sites and adult products made a combined five-fold leap from 6% in 2014 to 30% in 2015. Five percent of overall spam included a malicious attachment or link, a 1 point decrease from 2014.

"Cybercriminals have been congregating and organizing for years, but 2015 showed a marked increase in the behavior we would normally associate with legitimate businesses," said Trustwave Chief Executive Officer and President Robert J. McCullen. "Based on the study of numerous security incidents, exploit kits and malvertising campaigns, our 2016 Trustwave Global Security Report shows businesses how and where these sophisticated criminal organizations are most likely to attack, and more importantly, how to defend their assets."

Trustwave experts gathered real-world data from hundreds of breach investigations the company conducted in 2015 across 17 countries. This data was added to billions of security and compliance events logged each day across the global network of Trustwave Security Operations Centers, evaluation of tens of billions of email messages, analysis of tens of millions of web transactions, thousands of web application security scans and penetration tests, telemetry from security technologies distributed across the globe and industry-leading security research.

Download a complimentary copy of the full 2016 Trustwave Global Security Report at: https://www2.trustwave.com/GSR2016.html

ABOUT TRUSTWAVE

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.

###

All trademarks used herein remain the property of their respective owners. Their use does not indicate or imply a relationship between Trustwave and the owners of such trademarks.

Latest News Releases

Trustwave Named a Major Player in New IDC MarketScape on Worldwide Cybersecurity Consulting Services

CHICAGO – April 3, 2024 – Trustwave, a leading cybersecurity and managed security services provider, was named a Major Player in the IDC MarketScape: Worldwide Cybersecurity Consulting Services 2024...

Read More

Trustwave Adds Threat Intelligence as a Service to its Offensive Security Offering Portfolio

CHICAGO – April 2, 2024 – Trustwave , a global cybersecurity and managed security services leader, today announced the launch of Trustwave Threat Intelligence as a Service (TIaaS). Trustwave TIaaS...

Read More

Trustwave Welcomes General Availability of Microsoft Copilot for Security

Chicago — April 1, 2024 — Trustwave, a leading cybersecurity and managed security services provider, today celebrates the general availability (GA) of Microsoft Copilot for Security. Trustwave was a...

Read More