Agency / Source: Trustwave

Check Ads Availability|e-mail Article

Are you the owner of this article?, Turn it PREMIUM with your LOGO instead - and make it 3rd party Ads-Free! within the next hour!

Trustwave Released the 2019 Trustwave Global Security Report - New Trustwave Report Underscores Progressing Global Cybersecurity Threats -
Trustwave Released the 2019 Trustwave Global Security Report


PRZOOM - /newswire/ - Chicago, IL, United States, 2019/04/25 - New Trustwave Report Underscores Progressing Global Cybersecurity Threats -

Your Banner Ad Here instead - Showing along with ALL Articles covering IT Security/Anti-Spam Announcements

Replace these Affiliate Programs at ANYTIME! Your banner here within the next hour. Learn How!


Comprehensive Analysis of Data Breach Investigations, Internal Threat Intelligence and Security-Based Telemetry Reveals Cybercriminals are Becoming More Methodical and Adaptive.

Trustwave today released the 2019 Trustwave Global Security Report, which reveals the top security threats, breaches by industry and cybercrime trends from 2018.

The report is based on the analysis of billions of logged security and compromise events worldwide, hundreds of hands-on data-breach and forensic investigations, manual penetration tests, network vulnerability scans and internal research. Findings illustrate cybercriminals deviating towards a more focused approach against targets by using better obfuscation techniques and improved social engineering skills as organizations improve in areas such as time to detection and response to threats.

Key findings from the 2019 Trustwave Global Security Report include:

Asia Pacific and retail lead in data breaches -- The Asia-Pacific region led in the number of data compromises investigated, accounting for 35% of instances and overtaking North America at 30%, down from 43% in 2017. Europe, Middle East and Africa (EMEA) came in third at 27%, followed by Latin America & Caribbean (LAC) at 8%. The retail sector experienced the highest number of incidences at 18%. The finance sector came in second at 11% and hospitality third at 10%, each slightly dropping from 13% and 12%, respectively, from the previous year.
Email threats becoming more focused -- Spam messages analyzed containing malware significantly diminished in 2018, to 6% from 26% in 2017. This drop can be attributed to a shift in tactics to shorter, more regional campaigns from Necurs, the largest malicious spamming botnet. For example, sextortion email campaigns designed to dupe victims into paying large ransoms by playing on fears that compromising videos exist on the recipient was nearly non-existent in 2017 yet rose toward the end of 2018 to account for 10% of all spam analyzed.
Malware becoming harder to detect -- Slightly down from the previous year, the largest single category of malware encountered was downloaders at 13%. Remote access Trojans (RATs) at 10% and web shells at 8%, both of which give attackers extensive control over compromised computers, were the second and third most common types of malware discovered. Memory scrapers and dumpers used to steal payment card numbers from point-of-sale (POS) systems saw a sharp decline from 16% in 2017 to just 8% in 2018 as Europay, Mastercard and Visa (EMV) chip technologies become more prevalent. Sixty-seven percent of malware analyzed used obfuscation to help avoid detection, an astounding leap from 30% the previous year.
Denial-of-service tops database vulnerability patching -- The number of vulnerabilities patched in five of the most common database products was 148, up from 119 in 2017. At 62%, denial-of-service (DoS) vulnerabilities used primarily for disruption accounted for the most vulnerabilities discovered across all major platforms in 2018. Far more serious information disclosure and privilege-escalation vulnerabilities used to gain unauthorized access and manipulate sensitive data accounted for 8.7% and 8.1% of patching incidents, respectively.
Social engineering: cybercrime’s favored method of compromise -- Social engineering was the top method of compromise in 2018 in every environment analyzed other than e-commerce. In both cloud and POS environments, 60% of breach investigations can attribute successful social engineering as the conduit to initial point of entry. Social engineering in corporate and internal environments were slightly less yet significant at 46%. Analysis of phishing scams targeting those with authority to transfer company funds, known as business email compromise (BEC) or CEO fraud, revealed interesting results: 84% of BEC messages used free webmail services for distribution, 12% used spoofed company domains and 4% elected to employ misspelled or lookalike domain names to deceive recipients.
Card-not-present data most valued by cybercriminals -- Payment card data led in the types of information most coveted by cybercriminals, comprising 36% of breach incidents observed. Most notable: card-not-present data at 25% rose 7% from the previous year largely due to increased Magecart attacks targeting e-commerce sites, while magnetic stripe data fell 11%, coming in at 11% of incidents observed in 2018. The decline in magnetic stripe data incidents can be correlated with increased global adoption of EMV chip technology designed to better protect POS systems.
Marked improvements in threat response time -- The median time duration from threat intrusion to containment fell to 27 days, from 67 days in 2017, and the median time between intrusion and detection for externally detected compromises fell to 55 days, down from 83 days in 2017. Adoption of technologies such as endpoint detection and response (EDR), behavioral analytics and stronger organizational security maturity helped lead to improvements.
Cryptojacking dominates web-based attacks -- A steep year-over-year increase of 1,250% was observed in cryptojacking malware, which was almost non-existent in 2017. Used to covertly place legitimate JavaScript coin miners on websites or infect carrier-grade routers, cryptojacking malware illegally mines cryptocurrency for cybercriminals using the computing resources of unsuspecting victims. In 97% of the 2,585 websites observed that were known to be compromised, the now-defunct Coinhive miner was preferred.
All web applications found to be vulnerable -- For a second straight year, 100% of web applications tested possessed at least one vulnerability, with the median number of vulnerabilities rising to 15, up from 11 in 2017. Of more than 45,000 vulnerabilities discovered by Trustwave penetration testers, 80% were classified as low risk, with the remaining 20% deemed medium to critical. The most common critical weakness involved omission of Microsoft Security Update MS17-010, which fixes the ETERNALBLUE vulnerability in the Server Message Block (SMB) protocol used for local network communication.
Corporate and internal networks at most risk -- Fifty-seven percent of the incidents investigated involved corporate and internal networks (up from 50% in 2017), followed by e-commerce environments at 27%. Incidents impacting POS systems decreased by more than half to just 9% of the total occurrences reflecting EMV use as a successful technology.

“Our 2018 findings portray a story about adaptiveness, both from a business and cybercriminal perspective,” said Arthur Wong, Chief Executive Officer at Trustwave. “We are seeing the global threat landscape continue to evolve as cybercriminals deterred by advanced monitoring and detection systems go to extraordinary lengths to breach organizations by wielding new malware variants, zero-day exploits and social engineering savvy. It’s becoming imperative for businesses accelerating digital transformation to implement security programs that can quickly address attack innovation and ever-changing environments through leading-edge technologies and high-level security expertise.”

Data Sources

Trustwave experts gathered and analyzed real-world data from hundreds of breach investigations that the company conducted in 2018 across 19 countries. This data was added to billions of security events logged each day across a global network of Trustwave Advanced Security Operations Centers, along with deep analysis of tens of billions of email messages; tens of millions of web transactions; thousands of penetration tests across databases, networks and applications; and telemetry from both native and partner technologies distributed across the globe.

About Trustwave

Trustwave ( is a leading cybersecurity and managed security services provider that helps businesses fight cybercrime, protect data and reduce security risk. Offering a comprehensive portfolio of managed security services, security testing, consulting, technology solutions and cybersecurity education, Trustwave helps businesses embrace digital transformation securely. Trustwave is a Singtel company and the global security arm of Singtel, Optus and NCS, with customers in 96 countries.

Your Banner Ad Here instead - Showing along with ALL Articles covering IT Security/Anti-Spam Announcements

Replace these Affiliate Programs at ANYTIME! Your banner here within the next hour. Learn How!


Agency / Source: Trustwave


Availability: All Regions (Including Int'l)


Traffic Booster: [/] Quick PRZOOM - Press & Newswire Visibility Checker


Distribution / Indexing: [+]  / [Company listed above is a registered member of our network. Content made possible by PRZOOM / PRTODAY indexing services]

# # #

  Your Banner Ad showing on ALL
IT Security/Anti-Spam articles,
CATCH Visitors via Your Competitors Announcements!

Trustwave Released the 2019 Trustwave Global Security Report

Company website links NOT available to basic submissions
It is OK to republish and/or LINK any newswire for any legitimate media purpose as long as you name PRZOOM - Press & Newswire and LINK as the source.
  For more information, please visit:
Is this your article? Activate ALL web links by Upgrading to Press Release PREMIUM Plan Now!
Global Security Report | Trustwave
Contact: Press Office - 
312-873-7500 pr[.]
PRZOOM / PRTODAY - Newswire Today disclaims any content contained in this article. If you need/wish to contact the company who published the current release, you will need to contact them - NOT us. Issuers of articles are solely responsible for the accuracy of their content. Our complete disclaimer appears here.
IMPORTANT INFORMATION: Issuance, publication or distribution of this press release in certain jurisdictions could be subject to restrictions. The recipient of this press release is responsible for using this press release and the information herein in accordance with the applicable rules and regulations in the particular jurisdiction. This press release does not constitute an offer or an offering to acquire or subscribe for any Trustwave securities in any jurisdiction including any other companies listed or named in this release.

IT Security/Anti-Spam via RSSAdd NewswireToday - PRZOOM Headline News to FeedBurner
Find who RetweetFollow @NewswireTODAY

Are you the owner of this article?, Turn it PREMIUM with your LOGO instead - and make it 3rd party Ads-Free! within the next hour!

Read Latest Press Releases From Trustwave / Company Profile

Read IT Security/Anti-Spam Most Recent Related Press Releases:

Forescout and Advent International Reach Amended Merger Agreement
Trustwave Launches New Global Channel Partner Program
New F5 Solution Defends Customers’ Websites through Protection against Bots and Credential Stuffing
BAE Systems’ Cyber Security Venture Secures Top-tier Investment for Launch as New Business
OpenText Unveils New Webroot® DNS Protection - Delivers Privacy and Security
Uniken Acclaimed by Frost & Sullivan for Enhancing Identity and Access Control with its Mobile-first REL-ID Solution
Forescout Selected by U.S. Department of Energy to Participate in Firmware Project Under Grid Modernization Lab Consortium
ImmuniWeb Joins JVP Play CyberNYC
Cybereason Achieves Highest Rating in NSS Labs 2020 Advanced Endpoint Protection Comparative Report
Belden Expands Forescout Partnership to Protect Industrial and Critical Infrastructure from Cyber Threat

Boost Your Social Network
& Crowdfunding Campaigns

NewswireToday Celebrates 10 Years in Business


Visit  Limelon Advertising, Co.

Visit  RightITnow, Inc.


  ©2020 PRZOOM - Limelon Advertising, Co.
Home | About PRZOOM | Advertise/Pricing | Contact | Investors | Privacy/TOS | Sitemap | FRANCAIS
newswire, PR press releases distribution service magazines engine news alert newsroom press room breaking news public relations articles company news alerts newswiredistribution ezine bizentrepreneur biznewstoday digital business report market search pr firms agencies reports distri-bution today investor relation successful internet entrepreneur newswire distribution freenewswiredistribution asianewstoday bizwiretoday USA pr UK today