On Tuesday we posted our fifth question of the Trustwave 2012 Global Security Report Twitter Contest.
The question was…
"Jeopardy Style: This data aggregation attack technique obtains data while it is being processed or access by a system or application. #TWContest"
The answer is...
"What is In-transit or In-transit Attacks?" and was introduced on page 9 and in more detail as part of the "Malware Statistics" section (pages 17-18) in the Trustwave 2012 Global Security Report.
Attacker have wised-up over the years. They no longer bet on obtaining stored data in every breach. In fact, in 62.5% of our 2011 investigations had evidence that this data aggregation technique was being used. When attackers are looking to commit fraud with the data they are obtaining, what better way to ensure the freshest data than to grab it out of memory, off the wire or as it is being entered into a system.
The winner is...
Gabriel Friedmann (@Gmanfunky)
Thanks to everyone who has participated so far! Be on the look out for the 6th question, which is slated for release soon! Questions are now worth $100.00. Remember all correct answers during the contest are eligible for the grand prize - a trip to Las Vegas to attend Black Hat USA and DEF CON 20. Also, as a new addition to the contest, if you re-tweet the question you get two chances to win!