What are hackers up to these days?

The short answer: They’re targeting sites in North America, where they’re planting malware in ad networks and launching dating site spam.

The long answer is more complex, but security vendor Trustwave offered some insights in its 2016 Trustwave Global Security Report, which was released last month.

"Criminals are getting a lot savvier," says Karl Sigler, Trustwave's threat intelligence manager. "We're seeing their tactics changing a little bit."

New bad news

In the study, Trustwave found that compromises affecting corporate and internal networks hit 40 percent in 2015, up from 18 percent the year before.

"Criminals are discovering that if they can get themselves embedded into a corporate network, there's a wealth of monetizable data in those networks," says Sigler. This could also be a result of what he calls a "drastic decline" in the rate of point-of-sale breaches, which dropped by 18 percentage points from 2014 to 2015, according to the study. "Criminals don't go away. They just shift targets," he says.

The study also found a major jump in the use of malvertising. For example, 90 percent of traffic to the RIG exploit kit, which was the third most popular kit in 2015, came from malicious advertisements.

"Criminals have really embedded themselves in the advertising network," Sigler says. "It's an economical way to push their exploits to a much larger audience than they would through a compromised website or by sending social engineering emails out to a lot of people."


Two other reasons for the spread of malware in advertising include the complexity of ad networks and a lack of accountability, says Jonathan Voris, an assistant professor of computer science at the New York Institute of Technology. When a user visits an ad-sponsored site, "at least a dozen different websites are contacted in order to serve up that advertising content," he says. That creates a lot of points of entry for hackers, who also exploit the fact that no one is sure who should take responsibility for malware being put on a user's computer: Is it the website owner? The ad network? The computer owner? "The person who is running the website has to make an awfully large effort to vet all those content providers who are going to generate those ads," he says. "Some websites might say it's not their responsibility."

Spam trends

On the spam front, the volume of unwanted email touting pharmaceutical products is down, though it’s still the most prevalent type of spam. In 2014, ads pushing pills accounted for almost three-quarters of all spam messages, according to last year's Trustwave report. In 2015, that figure dropped to 39 percent. That’s a significant drop, but Trustwave’s data indicates that spam related to online dating sites and adult products is filling the void. Email dealing with those topics accounted for 30 percent of all spam in 2015, up from 6 percent in 2014.

Voris says the changes in spam subject matter could be due to improvements in the ability of spam filters to root out pharmaceutical spam. Also, trends change. "Buying drugs online was a new field maybe 10 to 15 years ago," he says. "Now online dating is a huge industry, and it's something a lot of people are involved in. . . . It makes sense [that hackers] have moved on to current trends."

Some things never change

The geographic distribution of attacks doesn’t seem to have shifted much from 2014 to 2015. Most of the activity is still in this part of the world: 35 percent of the data breach investigations Trustwave conducted last year were in North America, with 21 percent in the Asia-Pacific region, 12 percent in Europe, the Middle East and Africa, and 10 percent in Latin America and the Caribbean.


The attacks and targets stay in North America, particularly the U.S., because the country has "a lot of businesses and organizations that are very juicy targets for individuals," Sigler says. Moreover, "connectivity and available bandwidth still make us a very, very important target for criminals," he adds.

Attacks in Latin America are on the rise — though just by "a little bit," says Sigler — "as those countries become more connected and businesses are becoming more profitable."

The good news

Trustwave’s report does contain some good news: Self-detection of compromises rose from 19 percent to 41 percent. "That large jump shows you that organizations are starting to do things correctly. They're not just earmarking security as [a secondary concern delegated to] their IT departments. They're actually paying attention, and paying attention in a really important fashion," says Sigler. Still, 41 percent is not a majority, and Sigler says he hopes to see a majority of organizations detecting breaches on their own in the future, because the sooner a company detects a compromise, the sooner it can "contain the damage."

Ultimately, sticking to the security basics will go a long way toward keeping your systems safe, Sigler says. Even though attackers are savvy and getting savvier, if you set up firewalls and make sure you’re properly logging and monitoring your systems, your organization will rise above the "low-hanging fruits and easy targets criminals tend to target," he says. "It's not sexy, but a lot of organizations aren't even doing that much."


Stories by Jen A. Miller
