Data breach: Only 16 per cent self-identified

POS system attacks come of age in Australia.

Only 16 per cent of organisations that faced a breach in 2011 detected it prior to a notification by a third party, according to an analysis of investigations conducted last year by [[xref: |Trustwave's SpiderLabs security team|]].

The vast majority, 84 per cent, were informed by either a regulatory body, law enforcement or the public, and on average the attackers behind the breach that was discovered by a third party had 173.5 days to rummage around the target’s environment.

The report shows that the time between the initial breach and when an investigation takes place is up to three years.

The important figure that distinguishes self-identification to discovery from an external source was that in the case of self-identification, the organisation knew of the breach on average after 43 days rather than 173 days.

Currently the most common way for an organisation to discover they have been breached is through regulatory notification. In a third of the cases law enforcement notified the organisation, up from just 7 per cent in 2010.

One of the most common methods of infiltrating corporate IT systems was weak administrator username and password combinations.

A particular risk for organisations was IT outsourcing arrangements, which provided third-party VPN access to internal systems. Hackers scan the web for ports used by remote access applications, which remain highly vulnerable when default configurations are left in place. Sixty-one per cent of infiltration cases occurred using this method and 19.9 per cent occurred through weak credentials or client side attacks.

Client side attacks were primarily (60 per cent) caused by system admins using production environments for personal use, such as accessing personal email accounts, social networking sites and Flash and Java-based gaming sites.

SQL injection attacks were also in 6.9 per cent of the incidents SpiderLabs investigated.

In terms of getting data out of the organization, attackers often exploited the lack of “egress” our outbound filters. Firewall deficiencies were behind 84 per cent of successful exfiltration cases. Correct firewall configurations should ensure data is being sent to the propoer location, over the proper port, using an authorised protocol, Trustwave points out.

Australia: POS systems in focus.

Trustwave reports that investigations its Spider Labs division conducted in Australia focused primarily on point of sale (POS) systems, such as the PIN entry device used to read cards and collect PINs.

While attacks on improperly stored data on the PIN device were more common, its investigators picked up the first data “in transit” attack in late 2011, marking a migration of an attack technique already seen in the US and Europe.

In the case of an in-transit attack, the criminal would use memory dumping malware that intercepts and captures clear-text payment card data transmitted between the PIN entry device and the POS system.

It did not disclose how many investigations it has conducted in Australia, but said that 90 per cent of its investigations in the APAC region related to payment card data compromises, noting that attacks had shifted away from e-commerce sites towards POS systems.

Join the CSO newsletter!

Error: Please check your email address.

More about APACTrustwave

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts