E-commerce sites and brick-and-mortar stores that process credit cards online continued to be a major focus of attackers in 2012, according to Trustwave.
Hotels, restaurants and shops may get five-star ratings from tourists, but many will likely only receive a single star for security.
An analysis of breach data for 2012 found that retailers and the hospitality industry continued to command the most interest from cyber-criminals, accounting for 78 percent of the breaches documented by security services firm Trustwave. The businesses are typically easy targets, having outsourced the administration of important servers and business data to firms that focus more on keeping the systems functioning than on security, says Christopher Pogue, director of digital forensics and incident response for Trustwave's SpiderLabs.
"An integrator may have 1,000 customers and may do remote administration for all of them using, not 1,000 passwords, but maybe two or three," Pogue said. "That leaves a vulnerability that can be exploited by attackers."
Almost a third of all victims had critical systems administered by a third party.
Attackers had no trouble exploiting that weakness, with vulnerable remote-access systems accounting for the method of entry in 47 percent of the cases, according to the Trustwave report. In most cases, users—not software vulnerabilities—were to blame: Almost 90 percent of systems had weak or easily guessable passwords, with "Password1" continuing to be the most common, according to Trustwave's report.
The report underscored that attackers continued to focus on what works, not necessarily on new techniques. In addition to targeting poorly secured remote-access applications, attackers also exploited flaws in Websites to gain access to the backend databases, a technique known as SQL injection, which accounted for more than a quarter of all attacks.
"From a criminal perspective, why should I get creative when I commit my crimes, when I don't have to?" Pogue said.
Focused on stealing credit card and customer data, cyber-criminals compromised point-of-sale servers in nearly half of attacks and targeted Websites for the other half. Only 5 percent of attacks focused on other infrastructure.
Because the victims were not prepared to deal with security incidents, they detected breaches in less than a quarter of the cases. Moreover, the average time to detect a breach rose to 210 days in 2012, an increase of more than a month compared with 2011.
The attackers used a variety of exploit kits, yet nearly 70 percent of all attacks used the Blackhole exploit kit. By the end of 2012, however, the Cool exploit kit was increasingly being used.
Trustwave analyzed some 450 cases investigated by the company's incident responders and found 40 different variants of malware used by six distinct criminal groups. Further analysis suggests that only three criminal teams cause the majority of point-of-sale breaches in major nations worldwide. While attacks typically came from the U.S., Russia and Taiwan, the criminals used data dump sites in Russia, the Ukraine and Romania.
The service provider recommended that companies hold their third-party service providers to a higher level of security. Alternatively, companies can outsource their credit-card processing to prevent the sensitive data from ever being stored on their servers.