
How to Recognize Breaches When Hackers Shift Their Focus

The security profession doesn't only have to bear bad news. Reasons to be hopeful do occasionally emerge, such as a finding from the just-released 2016 Trustwave Global Security Report which indicated that the share of security incidents affecting point-of-sale environments dropped 18 percentage points, from 40 percent in 2014 to 22 percent last year.

We have been screaming from the rooftops about point-of-sale (POS) malware for some time, and our SpiderLabs team has researched several new strains of the nasty stuff over the past couple of years. But if this new data is any indication, it appears as if the industry has collectively turned a corner in response to a threat that is purposely conceived to steal credit card numbers from payment terminals.

The EMV liability shift, which since October 2015 has placed counterfeit-fraud liability on U.S. merchants that have not moved to readers accepting chip-based cards, is also aiding the fight by making stolen card data far less useful for cloning and so disincentivizing attacks on POS assets. (A chip card does not by itself stop memory-scraping malware on a terminal; the card number can still be read from the reader, but it no longer yields a workable counterfeit card.) Another consideration is that crooks are finding they can earn much more by stealing sensitive data beyond credit card numbers. That includes not just other personally identifiable information, but also intellectual property and other proprietary information belonging to corporations.

Is that where the good news ends? In this industry an improvement in one area is usually offset elsewhere, because professional fraudsters shrewdly shift their tactics to keep their returns on investment high. So where one area improves, another suffers. In that vein, the 2016 Trustwave Global Security Report showed that the share of incidents affecting corporate and internal networks increased to 40 percent last year, up from 18 percent in 2014.

But instead of waving the white flag and concluding that the fight can never be won because adversaries will always move on to something else, consider this: according to the report, 41 percent of data breaches were detected by the victims themselves, up from 19 percent in 2014, a huge rise.

While it's impossible to explain this change with certainty, it is a potentially significant development. Spotting breaches internally, rather than relying on an outside party to do it for you, is immensely important to limiting the damage your adversaries can cause. Our numbers show that self-detection drastically cuts the median time from intrusion to detection, and from detection to containment.


(Source: 2016 Trustwave Global Security Report)


More and more organizations are accepting that intrusions are an inevitable prospect - and are prioritizing their security programs accordingly to focus on detection as much as protection.

It's important to remember, however, that this trend may be merely a blip on the radar, especially with hackers deftly and regularly shifting their tactics, so it's critical that you build on the momentum by keeping your attention fixed on the attacks and compromises themselves.

Here are three signs that may indicate a data breach is underway:

1) The Operation

A rise in unusual data access, uncommon network traffic, account logins (and failed logins), and newly installed programs, much of it happening at odd times, can signal intruders already at work inside your network. The operative word is unusual: none of these events is suspicious on its own, so you need a baseline of normal activity per user and per host to recognize a departure from it, for instance a burst of failed logins that ends in a success, or a service account logging in interactively in the middle of the night.

2) The Transfer

Suspicious outbound traffic, especially to systems outside your control, is typically a tell-tale symptom that hackers are attempting to exfiltrate sensitive information beyond your walls. Watch for unfamiliar destinations, unusually large transfers, and protocols or ports the source host has no business using; an allowlist of expected egress destinations makes the exceptions stand out.

3) The Cover-Up

Criminals will often introduce a decoy, such as a DDoS attack, so your eyes are diverted elsewhere. And once they've completed their mission, they'll attempt to hide their tracks through log tampering. The defense is to ship logs off the host as they are written, to a collector the attacker cannot reach; a cleared log or a gap in a host's event sequence then becomes evidence in itself rather than a loss of it.
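The three signs above can be turned into simple detection logic. The script below is an added example written for this post, not code from the Trustwave Global Security Report or any Trustwave product. It runs over a handful of constructed log records (logins, a process install, two network flows and an audit event) and reports, per sign, what a first-pass triage would flag. The business-hours window, the internal address ranges, the allowlisted egress destination, the failed-login threshold, the bulk-transfer size and every host name and address are assumptions chosen for the demo.

```python
"""Added example: triage constructed log records for the three breach signs
(operation, transfer, cover-up).  All thresholds, hosts and addresses are
assumptions for the demo, not values taken from the report."""
from collections import Counter, defaultdict
from datetime import datetime
import ipaddress

BUSINESS_HOURS = range(7, 20)          # assumed baseline: 07:00-19:59 is "normal"
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
KNOWN_EGRESS = {"203.0.113.10"}        # assumed allowlisted external destination
FAILED_LOGIN_THRESHOLD = 5             # failures per user before a success is suspicious
BULK_BYTES = 50 * 1024 * 1024          # 50 MiB in one outbound flow counts as bulk

# Constructed records for the demo (not real telemetry).  Each tuple is
# (timestamp, host, seq, event_type, fields); seq is the host's own log
# sequence number, which deleted entries leave with gaps.
EVENTS = [
    ("2016-04-20T09:05:00", "ws17", 101, "login", {"user": "alice", "src": "10.0.5.23", "ok": True}),
    ("2016-04-20T10:00:00", "ws17", 102, "netflow", {"src": "10.0.5.23", "dst": "203.0.113.10", "bytes": 120_000}),
    ("2016-04-20T02:14:00", "fs01", 501, "login", {"user": "svc-backup", "src": "10.0.9.8", "ok": False}),
    ("2016-04-20T02:15:00", "fs01", 502, "login", {"user": "svc-backup", "src": "10.0.9.8", "ok": False}),
    ("2016-04-20T02:16:00", "fs01", 503, "login", {"user": "svc-backup", "src": "10.0.9.8", "ok": False}),
    ("2016-04-20T02:17:00", "fs01", 504, "login", {"user": "svc-backup", "src": "10.0.9.8", "ok": False}),
    ("2016-04-20T02:18:00", "fs01", 505, "login", {"user": "svc-backup", "src": "10.0.9.8", "ok": False}),
    ("2016-04-20T02:19:00", "fs01", 506, "login", {"user": "svc-backup", "src": "10.0.9.8", "ok": True}),
    ("2016-04-20T02:25:00", "fs01", 507, "process_install", {"user": "svc-backup", "name": "svchost32.exe"}),
    ("2016-04-20T02:40:00", "fs01", 508, "netflow", {"src": "10.0.2.40", "dst": "198.51.100.77", "bytes": 900_000_000}),
    ("2016-04-20T03:10:00", "fs01", 513, "audit", {"user": "svc-backup", "action": "log_cleared"}),
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def operation_signals(events):
    """Sign 1: odd-hour logins, failed-login bursts that end in a success,
    and software appearing on hosts outside business hours."""
    findings = []
    failures = Counter()                       # consecutive failures per user
    for ts, host, _seq, kind, f in sorted(events, key=lambda e: e[0]):
        odd_hour = parse_ts(ts).hour not in BUSINESS_HOURS
        if kind == "login":
            if f["ok"]:
                if failures[f["user"]] >= FAILED_LOGIN_THRESHOLD:
                    findings.append(f"{ts} {host}: {f['user']} succeeded after "
                                    f"{failures[f['user']]} failures (possible brute force)")
                if odd_hour:
                    findings.append(f"{ts} {host}: {f['user']} logged in from "
                                    f"{f['src']} outside business hours")
                failures[f["user"]] = 0        # a success ends the burst
            else:
                failures[f["user"]] += 1
        elif kind == "process_install" and odd_hour:
            findings.append(f"{ts} {host}: {f['name']} installed by {f['user']} outside business hours")
    return findings


def transfer_signals(events):
    """Sign 2: flows from inside to destinations you do not control,
    flagged always for unknown destinations and for bulk volume anywhere."""
    findings = []
    for ts, host, _seq, kind, f in events:
        if kind != "netflow" or not is_internal(f["src"]) or is_internal(f["dst"]):
            continue                           # only internal -> external flows matter here
        if f["dst"] in KNOWN_EGRESS and f["bytes"] < BULK_BYTES:
            continue                           # expected egress at ordinary volume
        tag = "bulk " if f["bytes"] >= BULK_BYTES else ""
        findings.append(f"{ts} {host}: {tag}outbound {f['bytes']} bytes {f['src']} -> {f['dst']}")
    return findings


def coverup_signals(events):
    """Sign 3: explicit log-clearing events and gaps in a host's log sequence,
    which is what deleted entries look like once the log has left the host."""
    findings = []
    seqs = defaultdict(list)
    for ts, host, seq, kind, f in events:
        seqs[host].append(seq)
        if kind == "audit" and f.get("action") == "log_cleared":
            findings.append(f"{ts} {host}: audit log cleared by {f['user']}")
    for host, nums in seqs.items():
        nums.sort()
        for a, b in zip(nums, nums[1:]):
            if b != a + 1:
                findings.append(f"{host}: log sequence jumps {a} -> {b} ({b - a - 1} records missing)")
    return findings


def triage(events):
    """Return the three signal lists; a host that appears in all three is the
    strongest candidate for an intrusion that is already past the foothold stage."""
    return {"operation": operation_signals(events),
            "transfer": transfer_signals(events),
            "coverup": coverup_signals(events)}


if __name__ == "__main__":
    for sign, hits in triage(EVENTS).items():
        print(f"== {sign} ({len(hits)}) ==")
        for hit in hits:
            print("  " + hit)
```

On the constructed input, fs01 shows up under all three signs: a service account brute-forced at 02:19, a new binary at 02:25, 900 MB to an unknown external host at 02:40, then a cleared log and four missing sequence numbers. The sequence-gap check only works because the records were collected off-host before the clear; that is the practical reason to forward logs rather than read them back from the machine you suspect.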

An important note to keep in mind is that many companies are not equipped with the in-house skill sets to do this effectively and achieve good security outcomes. Partnering with a managed security services provider that offers threat intelligence, detection, mitigation and protection can help close this skills gap and extend your IT team.

