Trustwave Global Security Report
Total Page:16
File Type:pdf, Size:1020Kb
2018 TRUSTWAVE GLOBAL SECURITY REPORT INTRODUCTION Executive Summary Ten Years of Security DATA COMPROMISE 2017 Compromise Demographics Trustwave SpiderLabs 2018Advanced Threat Reports THREAT TRUSTWAVE INTELLIGENCE Web Attacks GLOBAL Email Threats SECURITY Exploits Cryptocurrency and Crime REPORT Malware THE STATE OF SECURITY Database Security Network Security Application Security 2018 TRUSTWAVE GLOBAL SECURITY REPORT INTRODUCTION INTRODUCTION Executive Summary Ten Years of Security DATA COMPROMISE 2017 Compromise Demographics data, login credentials and other valuable “The times they are information from as many victims as possible. Trustwave SpiderLabs Fast forward 10 years, and we now live in a Advanced Threat Reports world of sophisticated assaults with targeted a-changin’.” attacks and advanced persistent threats from THREAT criminal groups (and sometimes nation states). These skilled professionals have sufficient INTELLIGENCE — Bob Dylan resources, time and patience to perpetrate Web Attacks against specifically chosen targets to breach nearly any network, however long it takes. Email Threats Ten years ago, we published the first volume of the Trustwave Global Security Report. It The 2018 Trustwave Global Security Report Exploits was 11 pages long and focused exclusively kicks off the next decade of cybersecurity Cryptocurrency and Crime on thefts of payment card data from point- by looking back at the last one. We begin of-sale and e-commerce environments. by analyzing some of the data we collected Malware Trustwave has grown a lot since then and over the past 10 years to understand how we so has this report. Unfortunately, the threat arrived where we are now. From there, we landscape has grown, too. move on to an analysis of data compromise THE STATE incidents our incident response teams OF SECURITY In 2008, the biggest threats were covered in 2017. If you wonder what kind of Database Security opportunistic: Attackers distributed their threats are emerging for frontline responders, threats indiscriminately to steal money, card you’ll find it here. Network Security Application Security 2018 TRUSTWAVE GLOBAL SECURITY REPORT INTRODUCTION DATA SOURCES Executive Summary Trustwave’s large, global client base offers unmatched visibility into security threats. Ten Years of Security We gain key insights from our analysis of hundreds of data-breach investigations, threat DATA COMPROMISE intelligence from our global security operations centers, telemetry from security technologies 2017 Compromise and industry-leading security research. Demographics In the Threat Intelligence section, Trustwave SpiderLabs, our elite team of security Trustwave SpiderLabs professionals, will share what they learned THIS YEAR, TRUSTWAVE: Advanced Threat Reports from the cybercriminal underground about ■ Investigated compromised locations in everything from malware development to 21 countries THREAT phishing trends to the underground economy ■ Logged billions of security and compliance events of exploit kits and traffic trading. Lastly, INTELLIGENCE each day across our 10 Advanced Security we survey the state of database, network Operations Centers (ASOCs) Web Attacks and application security with the aid of telemetry from Trustwave’s state-of-the-art ■ Examined data from more than tens of millions Email Threats vulnerability scanning and testing services. of network vulnerability scans Exploits ■ Accumulated results from thousands of web No one can know for sure what the next 10 application security scans Cryptocurrency and Crime years hold for tech professionals or security responders. One thing we can tell you, ■ Analyzed tens of millions of web transactions Malware though, is that Trustwave will be there with for malicious activity you throughout, helping you fight cybercrime, ■ Evaluated tens of billions of email messages protect data and reduce risk from threats THE STATE known and unknown. What does the future ■ Blocked millions of malicious websites OF SECURITY hold? Join us for the next 10 years to find out. ■ Conducted thousands of penetration tests across Database Security databases, networks and applications. Network Security Application Security 2018 TRUSTWAVE GLOBAL SECURITY REPORT EXECUTIVE SUMMARY INTRODUCTION Executive Summary Ten Years of Security DATA COMPROMISE 2017 Compromise Demographics Trustwave SpiderLabs Advanced Threat Reports 43% North 30% America Asia-Pacific THREAT INTELLIGENCE Web Attacks 4% Email Threats Latin America 23% Exploits & Caribbean Europe, Middle East & Africa Cryptocurrency and Crime Malware THE STATE Trustwave investigated breaches affecting thousands OF SECURITY of locations across 21 countries in 2017. Database Security Network Security Application Security 2018 TRUSTWAVE GLOBAL SECURITY REPORT DATA COMPROMISE INTRODUCTION Executive Summary Industries most affected 22% Ten Years of Security Magnetic stripe 40% DATA COMPROMISE of breaches targeted 18% 2017 Compromise payment card data Card-not-present 17% 13% 12% Demographics Retail Finance & Insurance Hospitality Trustwave SpiderLabs Advanced Threat Reports THREAT Incidents involving point-of-sale systems were most common INTELLIGENCE in North America, which has been slow to adopt the Europay, Web Attacks MasterCard and Visa (EMV) chip standard for payment cards Email Threats Exploits Cryptocurrency and Crime Malware Median number of days between intrusion and detection for detected incidents THE STATE OF SECURITY Database Security 0INTERNAL 83EXTERNAL Network Security Application Security 2018 TRUSTWAVE GLOBAL SECURITY REPORT WEB ATTACKS INTRODUCTION Executive Summary Targeted attacks have become more common and are Ten Years of Security becoming more sophisticated: Many high-profile breach incidents show signs of significant preplanning by attackers who carefully identify weak packages and tools on the 40% DATA COMPROMISE targeted servers before making a move. 2017 Compromise Attacks on networked devices have increased significantly Demographics over the past decade. Devices are particularly vulnerable Trustwave SpiderLabs due to lack of hardening in their software and the difficulty Advanced Threat Reports of distributing software updates to the them. For example, of all web attacks Trustwave Trustwave SpiderLabs published two security advisories in 2017 about weaknesses in Netgear routers and Brother researchers observed in 2017 THREAT printers. These weaknesses can allow attackers to involved cross-site scripting INTELLIGENCE compromise the devices or networks and take malicious actions against them. Web Attacks Email Threats Exploits Cryptocurrency and Crime OWASP TOP 10 Malware The Open Web Application Security Project (OWASP) updated its THE STATE list of the 10 most critical web application security risks in 2017. The new list ranks sensitive data exposure more highly and introduces OF SECURITY four new entries, including XML external entities (XXE), broken access Database Security control (created by a merger of two entries in the 2013 list), insecure deserialization and insecure logging and monitoring. Network Security Application Security 2018 TRUSTWAVE GLOBAL SECURITY REPORT EMAIL THREATS INTRODUCTION Executive Summary Percentage of all inbound email that was spam Percentage of spam Ten Years of Security 2008 85% messages that contained malware 2016 59% DATA COMPROMISE 2017 39% 2017 Compromise Demographics 35% 26% Trustwave SpiderLabs Advanced Threat Reports 2016 2017 The Necurs botnet THREAT Malware is on the rise, mostly due to the Necurs botnet. INTELLIGENCE It typically operates in short bursts of intense spamming Web Attacks activity, followed by periods of dormancy. Email Threats Exploits PDF Cryptocurrency and Crime FILES Malware At its peak, Necurs sends spam from Major Necurs campaigns in 2017 delivered THE STATE are gaining traction as a delivery method for between 200,000 and 400,000 unique ransomware, banking Trojan and other phishing lures. An attacker tricks the victim OF SECURITY IP addresses per day. botnet malware using several different into clicking a link in the PDF to supposedly delivery mechanisms and file types. Database Security view secure content, but the link leads instead to a URL of the attacker’s choosing. Network Security Application Security 2018 TRUSTWAVE GLOBAL SECURITY REPORT EXPLOITS INTRODUCTION Executive Summary Trustwave researchers tracked the following exploit kits and zero-day vulnerabilities: Ten Years of Security DATA COMPROMISE 2017 Compromise Demographics Trustwave SpiderLabs Advanced Threat Reports THREAT 34Exploit kits that first 06Web-based, client-size, 04Exploit kits involved in INTELLIGENCE appeared in 2012 and 2013 zero-day vulnerabilities incidents in 2017 exploited in 2017 Web Attacks Email Threats Exploits Cryptocurrency and Crime Malware THE STATE The exploit kit market was much quieter in 2017 following 2016’s disappearance of Angler and Nuclear, OF SECURITY two of the most common exploit kits in the world. Database Security Network Security Application Security 2018 TRUSTWAVE GLOBAL SECURITY REPORT CRYPTOCURRENCY AND CRIME INTRODUCTION Executive Summary The characteristics that have made cryptocurrencies, such as bitcoin, an increasingly popular alternative Ten Years of Security medium of exchange have also made them highly attractive for cybercriminals. DATA COMPROMISE ■ Transactions are fairly anonymous 2017 Compromise Demographics ■ Proof of ownership is relatively basic Trustwave SpiderLabs ■ Currencies are global and not government-controlled $15 Advanced Threat Reports