
Retail industry top cyber target, Trustwave report shows

The retail industry alone accounted for 43% of the more than 500 data compromises investigated in 15 countries in the past year, a report shows

The retail industry has come under the heaviest cyber attack in the past year, according to the 2015 Trustwave Global Security Report.

The report also revealed cyber criminals can get a return on investment of almost 1,500% from exploit kits and ransomware.

The retail industry accounted for 43% of more than 500 data compromises investigated in 15 countries in the past year, compared with 13% in the food and beverage industry and 12% in the hospitality industry.

E-commerce breaches accounted for 42% of investigations, while point of sale (POS) breaches accounted for 40% of investigations.

Trustwave attributes some of the food and beverage and hospitality industry compromises to their dependence on remote access software to manage remote locations and payment systems.

“Unfortunately, these merchants have deployed remote access software with weak or default credentials or configurations many times,” the report said.

Some 95% of food and beverage industry compromises and 65% of hospitality industry compromises were POS systems, while remote access security contributed to 44% of POS system compromises.

According to the report, 28% of breaches resulted from weak passwords, while another 28% were enabled by weak remote access security. Researchers found “Password1” was still the most common password.

Together, weak passwords and weak remote access contributed to 94% of POS breaches, while weak or non-existent input validation or unpatched vulnerabilities contributed to 75% of e-commerce breaches.
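The "Password1" finding above is worth a closer look: that string satisfies the length-plus-character-class rule many merchants enforce, which is exactly why it keeps turning up. The following is an added example, not code from the Trustwave report, showing why a naive complexity policy accepts "Password1" and how a blocklist check with normalisation (lower-casing, trimming trailing digits and punctuation, undoing common leet substitutions) rejects it and its variants. The common-password list and the default-credential pairs are constructed for the example, not taken from the report.

```python
"""Added example: naive complexity policy versus a normalised blocklist check."""
import re

# Constructed, illustrative list of commonly seen weak passwords (not the report's data).
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "qwerty", "welcome", "letmein",
    "admin", "changeme", "merchant", "pos",
}

# Assumed factory defaults of the kind shipped with remote-access products (example values).
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root")}

# Reverse common leet substitutions so "P@ssw0rd" normalises to "password".
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "5": "s", "!": "i", "7": "t"})
EDGE_NOISE = r"[\d!@#$%^&*.\-_]+"  # digits/punctuation typically bolted on at the ends


def passes_naive_policy(pw: str) -> bool:
    """The rule many deployments enforce: 8+ chars with upper, lower and a digit.
    'Password1' passes this, which is the problem the report highlights."""
    return all([
        len(pw) >= 8,
        re.search(r"[A-Z]", pw),
        re.search(r"[a-z]", pw),
        re.search(r"\d", pw),
    ])


def normalise(pw: str) -> str:
    """Reduce a password to the base word an attacker's wordlist would contain."""
    base = pw.lower()
    base = re.sub(EDGE_NOISE + r"$", "", base)   # strip trailing "1", "123!", ...
    base = re.sub(r"^" + EDGE_NOISE, "", base)   # and leading ones
    return base.translate(LEET)


def is_weak(pw: str) -> tuple:
    """Return (weak?, reason). The blocklist check runs even when complexity passes."""
    if not passes_naive_policy(pw):
        return True, "fails complexity rules"
    if normalise(pw) in COMMON_PASSWORDS:
        return True, "variant of a common password"
    return False, "ok"


def uses_default_credentials(user: str, pw: str) -> bool:
    """Flag vendor defaults regardless of case."""
    return (user.lower(), pw.lower()) in DEFAULT_CREDENTIALS


if __name__ == "__main__":
    for candidate in ("Password1", "P@ssw0rd!", "Welcome123", "Tq7!vR2m#pLx"):
        print(candidate, passes_naive_policy(candidate), is_weak(candidate))
    print(uses_default_credentials("Admin", "ADMIN"))
```

The point of the normalisation step is that the blocklist stays short: the handful of base words covers "Password1", "P@ssw0rd!" and "Welcome123" without listing every variant. In production the base-word list would come from a breached-password corpus rather than the constructed set used here.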

Nearly half of investigations involved the theft of personally identifiable information (PII) and cardholder data.

Researchers found track data, which is encoded on a payment card’s magnetic stripe, was targeted in 63% of breaches investigated in North America, while financial credentials were targeted in 50% of breaches investigated in Europe, Middle East and Africa.

In most cases victims did not detect the breach themselves, with 81% being reported by third parties.

According to the report, organisations took an average of 86 days to detect a breach, and an average of 111 days to contain breaches.

The RIG exploit kit was the most commonly detected, accounting for 25% of the total, while 33% of the exploits were of vulnerabilities in Adobe Flash, and 29% were of vulnerabilities in Microsoft Internet Explorer.

Cyber criminals earn with exploit kits

Commenting on the estimated 1,500% return on investment, Rickey Gevers, malware researcher at RedSocks, said while the return could be possible, it is unlikely many cyber criminals are achieving such high returns.

“Our own research shows on average these guys are probably making around €10,000 a month. In the malware economy of ‘click, buy and deploy’, it’s easy for cyber criminals to make a relatively comfortable living from this type of underhand activity. Organisations and individuals need to be on their guard.”

According to Trustwave, the return on investment for ransomware is also extremely high.

David Lomax, director of sales engineering for Europe at Barracuda Networks, said that as online companies have geared up to counter denial of service (DoS) attacks, hackers moved to ransomware, such as CryptoLocker and CryptoWall.

“These attacks encrypt data on users’ computers, making their files inaccessible until a fine is paid. There were often time limits added to these demands, making any other resolution seem unfeasible. These attacks have migrated onto mobile platforms as well,” he said.


According to Lomax, these attacks have been very lucrative for hackers and are still popular, but there are an increasing number of targeted attacks on websites.

“If you can seed malware into a website, the amount of information you can get is huge. Website passwords, credit card information and intellectual property from file-sharing sites can suddenly become very vulnerable,” he added.

Lomax said the data held on e-commerce websites is high value, and more than 90% of companies that lose data file for bankruptcy in 12 months. 

“So a ransomware app has the potential to make huge revenues if the hackers can control the data,” he said.

Cyberthieves demand cash through ransomware

Data from mobile security firm Lookout shows ransomware is the second-most prevalent mobile threat for UK users.

“For the most part, we’ve seen ransomware delivered through drive-by downloads – it pretends to be a popular app, increasing the chances you’ll click on it,” said Gert-Jan Schenk, European vice-president of Lookout.

“Once installed, it will usually launch a fake scan which actually locks the phone, demanding money to be unlocked. Ransomware authors rely heavily on fear – they often create fake messages about sharing the contents of the phone with the authorities, or everyone in the phone’s contact book,” he added.

To avoid these threats, Schenk said users should be very careful about what apps they install, and where they come from – read the reviews on Google Play and avoid sideloading from untrusted sources.

Of the web server attacks observed, Trustwave said 30% were denial of service attacks abusing the WordPress XML-RPC “pingback” feature, 25% were cross-site scripting (XSS) attacks, and 24% were attempts to exploit the Shellshock vulnerability in Bash.
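All three of those attack classes leave recognisable traces in ordinary web server access logs. The following is an added example, not code from the report or from Trustwave, that parses Apache combined-format log lines and tags the ones matching each class: a Shellshock probe (the `() {` function-definition prefix in a header), a reflected XSS attempt in a URL-decoded query string, and pingback DoS traffic seen from either side, a POST to `/xmlrpc.php` on the WordPress site being abused as a reflector, or on the victim a flood of GETs whose User-Agent is `WordPress/…; <site>`. The log lines, IP addresses and site names are constructed for the example, and the reflector-count threshold is an assumption to be tuned for real traffic.

```python
"""Added example: tag Shellshock, XSS and WordPress pingback traffic in access logs."""
import re
from collections import Counter
from urllib.parse import unquote

# Apache/nginx "combined" format: ip ident user [ts] "req" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")                      # the "() {" env-function prefix
XSS_RE = re.compile(r"<script|javascript:|\bon(?:error|load|mouseover|focus)\s*=", re.I)
WP_UA_RE = re.compile(r"^WordPress/[\d.]+;\s*(?P<site>\S+)")  # UA of a pingback reflector

PINGBACK_FLOOD_THRESHOLD = 3  # assumption for the example: distinct reflectors seen

# Constructed sample log lines (RFC 5737 documentation addresses, invented sites).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jun/2015:10:01:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/bash -c \'id\'"',
    '198.51.100.20 - - [10/Jun/2015:10:01:05 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Jun/2015:10:01:06 +0000] "GET /?4810233 HTTP/1.0" 200 4096 "-" "WordPress/4.2.2; http://blog-a.example"',
    '192.0.2.11 - - [10/Jun/2015:10:01:06 +0000] "GET /?7731902 HTTP/1.0" 200 4096 "-" "WordPress/4.1.5; http://blog-b.example"',
    '192.0.2.12 - - [10/Jun/2015:10:01:07 +0000] "GET /?1093344 HTTP/1.0" 200 4096 "-" "WordPress/4.2.2; http://blog-c.example"',
    '198.51.100.30 - - [10/Jun/2015:10:01:09 +0000] "POST /xmlrpc.php HTTP/1.1" 200 400 "-" "Mozilla/5.0"',
    '198.51.100.40 - - [10/Jun/2015:10:01:10 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]


def parse_line(line: str) -> dict:
    """Split one combined-format line into named fields; raise on anything else."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError("unrecognised log line: " + line[:60])
    return m.groupdict()


def classify(entry: dict) -> list:
    """Return the attack tags that apply to one parsed log entry (empty if benign)."""
    tags = []
    decoded_path = unquote(entry["path"])
    decoded_referer = unquote(entry["referer"])
    if any(SHELLSHOCK_RE.search(f) for f in (entry["ua"], entry["referer"], decoded_path)):
        tags.append("shellshock")
    if XSS_RE.search(decoded_path) or XSS_RE.search(decoded_referer):
        tags.append("xss")
    if entry["method"] == "POST" and entry["path"].split("?", 1)[0].endswith("/xmlrpc.php"):
        tags.append("xmlrpc_post")        # we may be the reflector; body not in the log
    if WP_UA_RE.match(entry["ua"]):
        tags.append("wp_pingback")        # we may be the victim of reflected pingbacks
    return tags


def analyse(lines: list) -> dict:
    """Tag every line, count tags and decide whether a pingback flood is under way."""
    counts, reflectors, flagged = Counter(), set(), []
    for line in lines:
        entry = parse_line(line)
        tags = classify(entry)
        counts.update(tags)
        m = WP_UA_RE.match(entry["ua"])
        if m:
            reflectors.add(m.group("site"))
        if tags:
            flagged.append((entry["ip"], entry["path"], tags))
    return {
        "counts": dict(counts),
        "reflectors": sorted(reflectors),
        "pingback_flood": len(reflectors) >= PINGBACK_FLOOD_THRESHOLD,
        "flagged": flagged,
    }


if __name__ == "__main__":
    for item in analyse(SAMPLE_LOG)["flagged"]:
        print(item)
```

Two caveats a practitioner would add: the access log does not contain the POST body, so a `POST /xmlrpc.php` is only a hint that the site is being used as a reflector (enable request-body logging or inspect the XML-RPC method name at the application layer to confirm `pingback.ping`), and the `WordPress/…` User-Agent is trivially spoofable, so the useful signal on the victim side is the number of distinct reflector sites in a short window rather than any single request.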

According to Trustwave, 95% of mobile apps tested were vulnerable to exploitation, while 98% of desktop applications were at risk, with the average number of vulnerabilities around 20, which is up from just six in 2013. Of the vulnerable mobile apps, 35% had critical issues, while 45% had high-risk issues.

In the face of the “hair raising” ease with which attackers can strike, Trustwave said an understanding of how adversaries operate is an important starting point in creating a cyber defence strategy.
