In-depth Analysis of Threat Intelligence and Breach Incidents Reveals Cyberattacks are Becoming More Organized and Structured; Report Marks Historic Ten-Year Analysis of Cyberthreats
Trustwave today released the 2018 Trustwave Global Security Report, which reveals the top security threats, breaches by industry, and cybercrime trends from 2017. The report is derived from the analysis of billions of logged security and compromise events worldwide, hundreds of hands-on data-breach investigations and internal research. Findings depict improvement in areas such as intrusion to detection; however, they also show increased sophistication in malware obfuscation, social engineering tactics, and advanced persistent threats. In addition, this year’s report marks a historic ten-year milestone since inception and takes a special look at how the threat landscape has prospered and evolved over the last decade.
Key highlights from the 2018 Trustwave Global Security Report include:
- North America and retail lead in data breaches – Although slightly down from the previous year, North America still leads in data breaches investigated by Trustwave at 43% followed by the Asia Pacific region at 30%, Europe, Middle East and Africa (EMEA) at 23% and Latin America at 4%. The retail sector suffered the most breach incidences at 16.7% followed by the finance and insurance industry at 13.1% and hospitality at 11.9%.
- Compromise and environment type matters – Half of the incidents investigated involved corporate and internal networks (up from 43% in 2016) followed by e-commerce environments at 30%. Incidents impacting point-of-sale (POS) systems decreased by more than a third to 20% of the total. This reflects increased attack sophistication and targeting of larger service providers and franchise head offices, with less focus on the smaller high-volume targets of previous years.
- Social engineering tops methods of compromise – In corporate network environments, phishing and social engineering at 55% was the leading method of compromise followed by malicious insiders at 13% and remote access at 9%. This indicates the human factor remains the greatest hurdle for corporate cybersecurity teams. “CEO fraud”, a social engineering scam encouraging executives to authorize fraudulent money transactions, continues to increase.
- All web applications found to be vulnerable – One hundred percent of web applications tested displayed at least one vulnerability, with 11 as the median number detected per application. 85.9% of web application vulnerabilities involved session management, allowing an attacker to eavesdrop on a user session to commandeer sensitive information.
- Web attacks becoming more targeted – Targeted web attacks are becoming prevalent and much more sophisticated. Many breach incidents show signs of careful preplanning by cybercriminals probing for weak packages and tools to exploit. Cross-site scripting (XSS) was involved in 40% of attack attempts, followed by SQL Injection (SQLi) at 24%, Path Traversal at 7%, Local File Inclusion (LFI) at 4%, and Distributed Denial of Service (DDoS) at 3%.
- Malware using persistence techniques – Although 30% of malware examined used obfuscation to avoid detection and bypass first line defenses, 90% used persistence techniques to reload after reboot.
- Service providers are now in the crosshairs – Of great concern is a marked increase, at 9.5%, in compromises targeting businesses that provide IT services, including web-hosting providers, POS integrators and help-desk providers. A compromise of just one provider opens the gates to a multitude of new targets. In 2016, service provider compromises did not register in the statistics.
- Large disparity when breaches are detected internally versus externally – The median time between intrusion and detection for externally detected compromises was 83 days in 2017, a stark increase from 65 days in 2016. Median time between intrusion and detection for compromises discovered internally, however, dropped to zero days in 2017 from 16 days in 2016, meaning businesses discovered the majority of breaches the same day they happened.
- Payment card data is still king – Down from the previous year, payment card data at 40% still reigns supreme in terms of data types targeted in a breach. The figure is split between magnetic stripe data at 22% and card-not-present (CNP) at 18%. Surprisingly, incidents targeting hard cash are on the rise at 11%, mostly due to fraudulent ATM transaction breaches enabled by compromise of account management systems at financial institutions.
- Necurs keeps malware-laced spam high – Several major Necurs botnet campaigns for propagating ransomware (including WannaCry), banking trojans and other damaging payloads kept spam containing malware high at 26%, down from 34.6% in 2016. Interestingly, more than 90% of spam-borne malware is delivered inside archive files such as .zip, .7z and RAR, typically labeled as invoices or other types of business files.
- Database and network security, a year of critical patching – The number of vulnerabilities patched in five of the most common database products was 119, down from 170 in 2016. Fifty-three percent of computers with SMBv1 enabled were vulnerable to MS17-010 “ETERNALBLUE” exploits used to disseminate the WannaCry and NotPetya ransomware attacks.
The 2018 Trustwave Global Security Report, the tenth edition of the report, also offers a ten-year retrospective of cybersecurity trends. Key highlights include:
- Vulnerabilities have seen a sharp surge – After remaining relatively level from 2008 to 2011, a marked increase in vulnerability disclosures began in 2012 with a dramatic spike in 2017. This is in part due to the doubling of internet users over the course of a decade. The technically savvy, including both security researchers and criminals, are now actively looking for vulnerabilities, with the latter selling corresponding exploits on the dark web to make hefty profits. More vulnerabilities equate to greater potential for exploitations.
- Exploit kits, from boom to bust – Starting in 2006 with Web Attacker, exploit kits, which provide a means for non-technical attackers to infect computers, saw a dramatic rise, eventually evolving into a software-as-a-service (SaaS) model in 2010 with prices ranging from $50 to $10,000 per month, and flourished between 2013 and 2015. From 2016 to present, after several arrests and the disappearance of the top three kits, the exploit kit market sits dormant. Look for resurgence as serious players eventually surface to drive new demand in a once lucrative market.
- Spam on the decline – Accounting for more than 87.2% of all incoming mail monitored by Trustwave, 2009 ranks as the worst year for spam. After 2009, spam activity has decreased each year and currently sits at less than 40% of all incoming email. Today, a small number of criminal gangs using botnets to distribute malware control most spam.
“Our 2017 threat intelligence and investigations along with a retrospective view of the last ten years has unequivocally exposed cybercriminals and their attacks are becoming more methodical and organized,” stated Steve Kelley, Chief Marketing Officer at Trustwave. “As long as cybercrime remains profitable, we will continue to see threat actors quickly evolving and adapting methods to penetrate networks and steal data. Security is as much a ‘people’ issue as it is a technology issue. To stay on par with determined adversaries, organizations must have access to security experts who can think and operate like an attacker while making best use of the technologies deployed.”
Trustwave experts gathered and analyzed real-world data from hundreds of breach investigations the company conducted in 2017 across 21 countries. This data was added to billions of security and compliance events logged each day across the global network of Trustwave Advanced Security Operations Centers, along with data from tens of millions of network vulnerability scans, thousands of web application security scans, tens of millions of web transactions, tens of billions of email messages, millions of malicious websites, penetration tests, telemetry from security technologies distributed across the globe and industry-leading security research.
To download a complimentary copy of the 2018 Trustwave Global Security Report, visit: https://www2.trustwave.com/GlobalSecurityReport.html.
Young adults lean towards ‘on-the-job’ learning as 6 in 10 say pandemic has impacted educational plans
- Six in 10 (61%) of 16-25s agree learning ‘on-the-job’ is the best way to get on the jobs ladder in the current environment
- 59% would rather study a degree subject connected to a profession than one they are good at
- 59% believe tech sector offers strong career opportunities and is voted most futureproof sector by 16-25s following the pandemic
- QuickBooks launches free online programming course with Amigoscode to help young people kickstart their tech career
Nearly two thirds (63%) of 16-25s have seen their future educational plans impacted by the pandemic, new research from Intuit QuickBooks – the financial software provider – reveals, with the uncertainty caused by COVID-19 driving young people to look for faster and more secure ways to get jobs.
And with more than half a million young people now unemployed – a rise of 35,000 from the previous quarter – six in ten (61%) 16-25s agree that learning ‘on-the-job’ is the best way of getting on the careers ladder in the current environment.
With COVID-19 highlighting the importance of more ‘futureproof’ career options, the technology sector has been identified by 16-25s as offering particularly strong career opportunities (59%).
To help young people kickstart their tech career, QuickBooks – home to top UK tech talent – has launched a free online programming course with Amigoscode.
Careers-focused learning takes priority
If they were to attend university or study for a degree, 59% of 16-25s would rather study a subject connected to a profession than one they’re good at, while nearly a third (31%) would only consider studying for a degree that would help them get a job in a sector that is likely to grow in future.
However, almost half (45%) of 16-25s are now reconsidering attending university at all. A quarter (26%) believe it is now more important to get on the job ladder than get a degree, while 19% don’t want to go to university because they are worried about their safety.
As remote learning becomes the new norm, more than a quarter (28%) of 16-25s now plan to carry out an online university degree (such as those offered by the Open University) instead of physically going to university.
Technology sector is voted most futureproof
The research reveals 16-25s believe the technology sector is the most futureproof (40%), ranking significantly higher than the second most popular option (construction – 27%).
Almost a fifth (19%) of the 16-25s surveyed already have a career in the technology sector, while 34% are considering it – rising to 38% of those aged 16-19.
Of those who are interested in the sector but are not currently considering it, the biggest barrier is simply not knowing how to get a job in this area (32%), closely followed by having never received any information about the sector from careers advisors etc. (30%). A quarter (25%) don’t think they could afford to undertake the necessary training or qualifications to get a job in the sector.
Ben Brown, Head of Engineering at Intuit QuickBooks, comments:
“With COVID-19 causing economic uncertainty and driving unemployment levels, young people are increasingly looking for ways to fast-track onto the careers ladder. And getting straight into the tech sector, which has proven to be resilient in the face of the pandemic, is particularly appealing. Technology, after all, is the fuel that has allowed many other sectors to continue operating.
“On-the-job learning is common in the tech sector, but to be a successful candidate, applicants need to demonstrate genuine interest and enthusiasm by having carried out their own independent learning. Employers can enable this by creating opportunities for young people to take part in free training courses and taster sessions, which helps them to gain valuable skills and decide if the sector is for them.
“QuickBooks engineers frequently host and coach participants through Code First Girls sessions – which are aimed at women looking to learn more about programming – and we are thrilled to be partnering with Amigoscode to offer a free programming course.”
Nelson Djalo, Founder of free coding resource Amigoscode and Software Engineer, comments:
“The perception of not having enough knowledge is the main barrier to young people getting into the technology sector. Skills can be built over time – passion, drive and a willingness to learn are the most important qualities to have. People from lots of different backgrounds and interests can get into the sector, and there are a whole host of roles aside from programming and software engineering.
“I offer programming courses and coding tutorials because I believe the sector should be accessible to anyone. I’m pleased to be partnering with QuickBooks to offer a tailormade course for anyone who is interested in getting into the industry and wants to learn more about programming.”
The Amigoscode x QuickBooks course is available here as a video, and here as a playlist. The 2.5-hour course and video playlist covers the basics of programming, the basics of Python and a project task (building a CV). Participants will also build a portfolio which could be the starting point of their tech journey/career.
Watch Nelson’s other tutorials on the Amigoscode YouTube channel here.
Case studies of young QuickBooks software engineers are available on request.
Five things to consider when organising a remote work Christmas party
By Kate Palmer, HR Advice and Consultancy Director at Peninsula
Christmas is usually a time of cheer and celebration, and the perfect way for employers to incorporate this in the workplace is by organising a Christmas party for their staff. However, things will have to be a little different this year due to the ongoing disruption caused by the coronavirus pandemic. While the easiest, and cheapest, option for employers is to not go ahead with their annual festive plans, in the spirit of keeping Christmas alive some may choose to organise a remote party.
There are, however, some important things that employers should be aware of.
- The coronavirus pandemic has highlighted the need for employers to keep their employees’ wellbeing in mind, much more than ever before. This is why, even with something that can be considered a ‘treat’ for employees, people who are working carers, or have been struggling with work-related stresses, may not want to partake in a Christmas party this year, however well-intentioned it may be on the employer’s part. It is therefore advisable that remote parties should be optional and not constrained to a certain timeframe in which staff must be in attendance.
- Employers should ensure that those in attendance do not feel excluded from any activities during the party. For example, if an employee does not drink alcohol and a virtual wine tasting activity makes up the bulk of the event, such a person would not be able to contribute to the fun and may therefore feel left out. Consequently, it may be better for employers to ensure that there is a wide range of activities available that cater to the individuals who are attending.
- When attendees and potential attendees have been established and the activities have been finalised, it is in the best interest of the company to send out emails to them. These should detail what is expected of them at the event and highlight that the same conduct is expected of them at a remote party as it would be at an in-person event. They should also outline that the same disciplinary procedures would apply in a situation where an employee commits a form of misconduct during the event.
- Similarly, employees should be made aware that the same grievance procedure applies – to ensure that if company rules are broken by an employee or there is a grievance with the company itself, the affected employee will be able to raise this with the company.
- Finally, while employees can use their social media accounts in their own personal time, including at work social gatherings, employers must ensure that the use of social media is done in a manner that does not adversely affect the company’s reputation.
To conclude, remote parties are the perfect way to ensure that social distancing rules are adhered to and that employees are rewarded for their efforts; there should be a mutual sense of responsibility on the part of the company and its employees.
Reasons to remote manage in a socially distanced world
By Paul Routledge, Country Manager, D-Link UK and Ireland
As the world continues to adapt in varying degrees to the ongoing COVID-19 pandemic, many businesses and enterprises will find themselves adjusting to more permanent, new ways of working, problem-solving and service delivery. Governments and global leaders have already introduced new measures to support these adjustments, and as a result we have already seen many companies re-evaluate how they work as well as how teams are organized and provided for. As the pandemic remains a fixture of this year, and its impact will continue to be felt in the year ahead, it’s becoming clear that the role of technology and the innovation therein will be key to ensuring businesses can weather the ongoing crisis.
For many businesses, until recent years, the vast bulk of network management was conducted and carried out on location at the client site. However, the value of remote network management has fast become an asset to businesses in the 21st century – giving IT service providers more capacity to manage a larger number of customer sites at any given time.
In addition, remote network management solutions play an important role in increasing transparency across sites by providing a complete view of the status of different networks via comprehensive interactive dashboards and informative management systems. For example, Nuclias by D-Link offers an easy to set up network management solution that provides flexibility to make onboarding, studying, troubleshooting, and reporting network activity quick and easy.
For IT service providers, establishing new ways of working is particularly important. As they seek alternative methods of supporting customers in different locations, many will be looking to the advantages that remote network management has to offer.
Before the pandemic, D-Link Europe explored the state of play of network management and the challenges its partners were facing in this space. The study found that 75% of IT service providers in Europe were already using remote access tools to support or manage network infrastructure on customer sites, yet a quarter (25%) were still relying on in-person visits to resolve network issues for customers.
Interestingly, the findings show that the larger the number of clients a provider has, the less likely they are to use remote management tools. Only 22% of European IT service providers surveyed provide more than 50 customers with remote management services. Complete adoption of remote network management methods will be a gradual process, yet the pandemic and the government restrictions in place across much of Europe have a part to play in creating the circumstances where in-person visits occur much less often if at all.
As a result, it is likely we will see a more permanent adoption of remote networking management systems – as businesses work hard to adapt to a ‘new normal’ and an unpredictable year ahead. The point of this will be not only to provide network management services in a more efficient and less time-consuming way but also to uphold the safety measures now expected of most workplaces.
This is particularly pertinent in an environment where businesses are limiting contact in the workplace and adhering to safety mechanisms also seen more widely in society – including technologies such as group temperature screening cameras as well as track and trace systems. There is a clear opportunity for IT service providers to make the most of remote networking management tools’ benefits to uphold the safety and health of their own employees, as well as personnel at client sites, by reducing unnecessary human contact.
An additional benefit to be reaped from remote network management is how IT service providers can economise on time spent travelling to and from client sites, in addition to time spent resolving issues on-site. D-Link research found that 60% of European IT service providers spend between four to six hours per week installing and configuring new wireless or wired networks at client sites. This additional time spent travelling to and from client sites puts employees at particular risk, especially as they often travel long distances to get there.
What’s more, in terms of the time technicians usually spend at client sites, when it comes to configuring a replacement wireless access point, only 31% of providers feel they can keep this service under one hour. Remote network management allows technicians to use this time more effectively. Nuclias by D-Link, for example, will enable administrators to stay on top of any management tasks like creating guest networks, adding Wi-Fi to additional locations, updating devices and upholding network security.
Furthermore, IT service providers will be able to offer their clients more benefits, by providing centralised management and more visibility of their network, allowing them to act on network disruptions and problems before they become pervasive issues. Nuclias Cloud is designed for smaller businesses who lack in-house IT skills, such as hospitality and retail chains. These companies can benefit from easy network expansion and implementation of updates without the need for additional training.
Remote management solutions, like Nuclias, are also well-placed to support the growth of IT service providers as they look to offer more managed services. Not only do they enable teams to provide deployments but also increased administration services and supervision of client networks; resulting in improved reactivity to issues and better quality of service. The added advantage of unlimited scalability, thanks to the use of cloud-enabled devices, means providers can also keep resources and costs low – generating a more significant return on investment.
Right now, it still feels like there is some way to go before normal life resumes – however, as the long-term impacts of COVID-19 become more apparent, companies worldwide will need to continue relying on innovative technology to tackle workplace concerns, with solutions such as remote network management playing an important role in supporting service providers and their clients as they do.