Missed apress release from Trustwave last week, but worth noting:
Today Trustwave unveiled its 2011 Global Security Report, which reveals the target of attacks has shifted from traditional infrastructure to mobile users and endpoint devices. This trend combined with the popularity of mobile devices and social media is providing the perfect recipe for cybercriminals looking to compromise business, customer and user private and sensitive information. The report offers analyses of data compromise investigations, offensive security exercises and defense strategies taken directly from Trustwave’s expansive global client base.
Key Report Findings
- Food and beverage regained its title as the most breached industry-representing 57% of the investigations.
- Third-party vendors continue to put companies at risk-88% of breaches resulting from insecure software code or lax security practices in the management of third-party technology.
- Cybercriminals got fresh in 2010-because in-transit credit card data is usually more recently created (more fresh) than stored data, 66% of investigations found the theft of data in transit.
- A single organized crime syndicate may be responsible for more than 30% of all 2010 data breaches.
Evolving Threats
- Among the most interesting and surprising elements of the report is the rate and sophistication of attacks against mobile platforms and social networking sites. As the security of mobile networks has improved, mobile devices are increasingly the target of attacks, while social networking sites are quickly becoming cybercriminals’ platform of choice to expand and propagate destructive botnets. Drive-by infections and mobile phishing attacks were among the most popular client-side attacks in 2010.
- Geolocation data is helping cybercriminals launch more sophisticated and targeted attacks against social networks.
- Mobile devices offer cybercriminals an open door to corporate authentication credentials, sensitive data and trade secrets.
- Anti-virus software is losing the battle against malware-the new breed of malware is virtually undetectable by current scanning software.
[…]
A complete copy of the “2011 Global Security Report” is available at: https://www.trustwave.com/GSR.
Report Methodology
The foundation of Trustwave’s Global Security Report 2011 is data from real-world investigations and research that SpiderLabs performed in 2010. Results are based on information gathered from over 200 data breach investigations, 2,300 penetration tests and other security-as-a-service (SaaS) activities conducted for our clients. Standardized tools were used to record data, as well as other relevant details for each case or test.