SecurityBrief Asia
Asia's leading source of cybersecurity and cyber-attack news

Trustwave report highlights biggest cybersecurity trends of today

By Catherine Knowles
Mon 27 Apr 2020

As organisations move to cloud environments and embark on digital transformation projects, cybersecurity threats are becoming more pervasive and attacks are becoming more targeted, according to a new report from Trustwave.

The 2020 Trustwave Global Security Report highlights key trends in cybercriminal activity and success rates, looking at specific technology, methods, industries and scams.

Attacks on cloud services have more than doubled. Corporate environments continue to lead all environments targeted by cybercriminals at 54%, slightly down 2%, followed by eCommerce at 22%, down 5%, when compared to 2018.

Cloud services also saw the biggest increase and are now the third most targeted environment, accounting for 20% of investigated incidents, up significantly from 7% the previous year, Trustwave finds.

When it comes to methods, social engineering remained the top mode of compromise in 2019. In fact, half of all incidents investigated by Trustwave analysts were the result of phishing or other social engineering tactics, up from 33% in 2018.

Interestingly, the 1,250% surge of cryptojacking malware observed in 2018, used to place JavaScript coin miners on websites or infect carrier-grade routers, all but vanished in 2019 after crypto mining service Coinhive shut down.

To make up for lost revenue, cybercriminals stepped up social engineering efforts by sending fake update messages for browsers, operating systems and other software to trick users into installing malware, Trustwave states.

Ransomware incidents overtook payment card data when comparing types of information most targeted by cybercriminals. The monetary return of encrypting specific computer files or entire systems and demanding payment accounted for 18% of breach incidents observed in 2019, up from 4% in 2018.

By comparison, the success of ransomware was slightly higher than the total percentage of incidents involving card-not-present and track data at 17%.

Meanwhile, findings show a notable decrease in the volume of spam email targeting organisations, from 45.3% in 2018 to 28.3% in 2019. Trustwave states this is due to several large spamming operations reducing activities or vanishing altogether.

Of the spam analysed in 2019 by Trustwave, only 0.2% contained malware, down from 6% the previous year. This decrease, although positive, supports findings that cybercriminals are shifting tactics, opting for more targeted and personal email attacks known as Business Email Compromise (BEC), Trustwave states.

In 2019, the analysts saw the average volume of BEC messages captured at the gateway rise to 60 messages per day, up from 20 messages the previous year.

Also in the realm of malware, downloaders at 24.9% made a significant jump in the largest single category of malware encountered, up from 13% in 2018.

The increase can be attributed to an uptick in malware-as-a-service bots such as Emotet, Trustwave states. Criminals often use downloaders and droppers in multi-stage attacks to install additional malware varieties.

Database information disclosure vulnerabilities also increased. Trustwave finds that the number of vulnerabilities patched in five of the most common database products was 202, up from 148 in 2019.

Of those patched, 118 allowed denial of service (DoS) attacks, followed by information disclosure at 28, up from 15 in 2018.

When looking at specific systems, 69% of malware investigated by Trustwave targeted the Windows operating system, followed by cross-platform at 23% and Unix at 8%. Of the exploited vulnerabilities observed, the top two, at 61% when combined, allowed remote code execution.

Furthermore, 67% of exploits used against service providers involved CVE-2014-0780, giving remote attackers the ability to read administrative passwords in app files and execute arbitrary code in unspecified web requests.

Attacks from Magecart, a loose affiliation of cybercriminal groups who target eCommerce sites, often through the Magento platform, accounted for nearly 6% of overall Trustwave investigations in 2019, up from zero instances four years ago.

Retail and hospitality have been hardest hit as cybercriminals pivot from targeting point-of-sale (POS) terminals due to implementation of Europay, MasterCard and Visa (EMV) chip technology to targeting online storefronts.

Finally, for a second consecutive year, the Asia-Pacific region led in the number of data compromises investigated, accounting for 37% of instances, up 2% from 2018 and 7% from 2017. North America followed at 33%, slightly rising 3% from 2018; Europe, Middle East and Africa came in third at 25%, and Latin America & Caribbean (LAC) at 4%.

The retail sector led the number of incidents at 24%, jumping 6% compared to 2018. The financial industry came in second at 14% and hospitality third at 13%, up 3% since 2018.

On the prevention side, Trustwave notes that internal detection is crucial for reducing threat response time. According to the analysts, the median time from threat intrusion to detection, when detected internally, dropped to just two days, down from 11 days in 2018.

The median time from threat intrusion to detection when detected externally by a third party, however, rose significantly to 86 days from 55 days just a year ago.

Trustwave chief executive officer Arthur Wong says, “Our 2019 findings depict organizations under tremendous pressure contending with adversaries who are methodical in selecting their targets and masterful at finding new pathways into environments as the attack surface widens.

“We continue to see the global threat landscape evolve through novel malware delivery, inventive social engineering and the ways malicious behaviors are concealed. How fast threats are detected and eliminated is the top cybersecurity priority in every industry.”

The report is based on the analysis of a trillion logged security and compromise events, hundreds of hands-on data-breach and forensic investigations, penetration tests and red teaming exercises, network vulnerability scans and internal research.

Trustwave experts gathered and analysed real-world data from hundreds of breach investigations that the company conducted in 2019 across 16 countries.
