Trustwave's 2011 Global Security Report, which draws data from actual breach investigations and research conducted by Trustwave's SpiderLabs in 2010, also revealed that nearly one-third of all breaches last year appear to have been the work of a single organized crime operation. Some 32 percent of attacks in the report came out of the Russian Federation, and 24 percent from unknown origins.
There also was a major jump in attacks using malware: around 76 percent of these attacks involved data-harvesting malware, according to Nicholas Percoco, senior vice president and head of SpiderLabs: "They're going in more directly using malware to do more of the dirty work."
That number was up 23 percent from 2009, according to the report.
"Malware is how the problem starts, as the payload, and then for exfiltration. We see malware finding its way into some or all of the components of the attack," Percoco says.
But it's mostly the same techniques and malware, with tweaked code, he says.
In 2009, Trustwave found that hospitality was the No. 1 most hacked industry, whereas food and beverage was in 2008. Retail is now No. 2, with 18 percent of the attacks last year, and hospitality with 10 percent. Why the shuffle this year? "The [criminals] find something that works, and stamp it out as fast as they can," Percoco says. They may breach a particular coffee shop, for instance, and then find other similar shops with the same operating systems, and other characteristics. "They footprint the OS, for example, and write tools that scan for those specific systems" in other establishments, he says.
Meanwhile, 88 percent of breaches were due to the insecure code or poor security in managing third-party applications. And 66 percent of the breach investigations included data stolen in transit, rather than stored data.
A full copy of the report can be downloaded here.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.