Quick Hits

When And How Attackers Are Owning Businesses

New Truswave SpiderLabs breach report highlights risky passwords, emails, and timing
If you open an email attachment between the hours of 8 a.m. and 9 a.m., then you're much more at risk of getting infected with malware than at other times.

That's just one of the risk factors for a data breach, according to findings in the new Trustwave Global Security Report for 2011, which was published earlier this week.

Among the 300 data breach investigations and 3,000 penetrating testing engagements conducted by Trustwave SpiderLabs last year, the most common password among nearly 2 million end user and administrative passwords was "Password1." Why? Because it meets the password-complexity setting for Microsoft's Active Directory.

"In our investigations, we found that the top propagating [method] was using weak admin credentials," says Nicholas Percoco, senior vice president and head of Trustwave SpiderLabs. "Easily guessed passwords in many cases were used to get in."

And it pays to take care when opening files early in the morning on the East Coast. Email targeted attacks occur most often early: "The premise is that someone coming into work has an email in their inbox that says it's from the CEO, and they are going to double-click on it," Percoco says.

Viruses also peak in August and September. "That's the time when people are taking vacations and other people may be monitoring email for a colleague," he says.

Only 12 percent of antivirus products were able to detect targeted malware.

So it's no wonder that organizations are not getting any better at detecting attacks. According to Trustwave, only 16 percent of victim organizations detected a breach themselves: The rest found out via law enforcement or other external sources.

"Attackers are becoming more sophisticated and without being detected," he says. "Smash-and-grab attacks are few and far between. It's all about persistency: You hear a lot about espionage and APT attacks. But there's no reason why organized crime groups after financial information would not want to be using the same techniques [APTs] are."

Meanwhile, Trustwave worked on 42 percent more breach investigations in 2011 than in 2010, mainly due to a jump in targeted, sophisticated attacks plus more attacks in the Asia-Pacific region.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Editors' Choice
Evan Schuman, Contributing Writer, Dark Reading
Tara Seals, Managing Editor, News, Dark Reading
Jeffrey Schwartz, Contributing Writer, Dark Reading