WEB APPLICATION ATTACKS and digital espionage are on the rise with no signs of slowing down, Verizon's latest annual data breach investigations report (DBIR) has claimed, saying they were the top IT security threats in 2013.
The report, which collated the contributions of 50 global companies, reported 1,367 confirmed data breaches, 63,437 security incidents and 511 incidents of espionage last year alone, 50 percent of which it said came from Asia, and China in particular.
However, Verizon was also keen to point out mounting activity in Russia and Eastern Europe, with the US being the most targeted country.
"At a high level, there doesn't seem to be much difference in the industries targeted by East Asian and Eastern European groups. Chinese actors appeared to target a greater breadth of industries, but that's because there were more campaigns attributed to them," read the report.
Verizon said that strategic web compromises (SWC) were also on the rise and it is "very unlikely" that they will fade.
"While there are downsides to SWCs for the attackers (high visibility and high cost to weaponise and burn a zero day), the benefits of a low-cost way to support long-term operations generally outweigh the risks," the report said.
Distributed denial of service (DDoS) attacks are also increasing in size, Verizon said, claiming that last year the average attack volume was 10.1Gbps, compared to 7Gbps in 2012.
The report said that web application attacks dominate the financial services sector and point of sale and DDoS attacks continue to trouble retail.
The industry with the most leaks in terms of confirmed incidents where data was exposed was finance with 465 breaches, the report said. The public sector suffered 175 such incidents, and retail had 148.
Verizon's report claimed that web application attacks were the main cause of security incidents last year, accounting for 35 percent of breaches due to ideological or financial motives.
However, surprisingly, Verizon said that although they were still a significant threat and resulted in 14 percent of all breaches, point-of-sale (PoS) attacks actually declined in 2012 and 2013 compared to 2010 and 2011.
"Some may be surprised that the number of PoS attacks in 2012 and 2013 is substantially lower than the number recorded in 2010 and 2011 (despite having ten times more contributors in the latter years)," the report read. "Brute forcing remote access connections to PoS still leads as the primary intrusion vector. A resurgence of RAM scraping malware is the most prominent tactical development in 2013."
Verizon said the most popular point-of-sale attack involved RAM scraping malware, an attack that steals payment card data while it's being processed in memory before it's encrypted.
Verizon explained how these come about in its report. "From an attack pattern standpoint, the most simplistic narrative is as follows: compromise the POS device, install malware to collect magnetic stripe data in process, retrieve data, and cash in.
"All of these attacks share financial gain as a motive, and most can be conclusively attributed (and the rest most likely as well) to organised criminal groups operating out of Eastern Europe." µ
Sign up for INQbot – a weekly roundup of the best from the INQ