Trustwave: Hackers Target Food and Beverage Industry Heavily in 2011

It is not surprising that customer records would be the main target for attackers. But a database of financial records from a major bank is not their most common target – instead it’s the food and beverage industry that has proved most appetizing.

In its 2012 Global Security Report, Trustwave revealed that for the second year in a row, the food and beverage industry comprised nearly 44 percent of the data breach investigations in 2011. Retail businesses were the second largest group, accounting for nearly 34 percent.

The report is based on an analysis of more than 300 data breach investigations and 2,000 penetration tests performed last year. According to Nicholas J. Percoco, senior vice president of Trustwave and head of SpiderLabs, the food and beverage industry in many respects represents the perfect target for an attack.

“There is a very low barrier to entry: remote access with weak passwords or vulnerable solutions in place,” he said in an interview with SecurityWeek. “The attackers can have a great deal of time in the environment before being detected. The data they are after is being replenished on a daily basis.”

Passwords, it turns out, are a weak link in many organizations. According to Trustwave, the problem was not just weak passwords, but shared passwords as well. The most common password used by global businesses is “Password1,” because it satisfies the default Microsoft Active Directory complexity setting.

“[Organizations] should be enforcing stronger passwords, but also decide to use 2-factor authentication for all accounts with remote access and/or administrative rights to systems,” Percoco said.
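
As an added illustration (not code from Trustwave or the original article), the sketch below models the Active Directory complexity rule in simplified form to show why “Password1” passes it, next to a stricter check with a longer minimum and a deny list. The function names, the deny list, the 7-character default and the 12-character hardened minimum are assumptions made for the example.

```python
import re
import string
import unicodedata

# Constructed deny list for illustration; a real deployment would load a
# corpus of common and breached passwords instead.
COMMON_BASE_WORDS = {"password", "welcome", "qwerty", "letmein"}
# Undo common character substitutions before the deny-list lookup.
LEET = str.maketrans("@4310$57", "aaelosst")

def ad_complexity_ok(password, sam_account_name="", min_length=7):
    """Simplified model of AD's 'must meet complexity requirements' rule."""
    if len(password) < min_length:  # length is a separate policy setting
        return False
    # The account-name check only applies to names of 3+ characters.
    name = sam_account_name.lower()
    if len(name) >= 3 and name in password.lower():
        return False
    categories = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c in string.digits for c in password),
        any(not c.isalnum() for c in password),
        # Alphabetic characters without case (Unicode category Lo).
        any(unicodedata.category(c) == "Lo" for c in password),
    ]
    return sum(categories) >= 3  # any three of the five categories

def base_word(password):
    """Reduce a password to the word a human built it from."""
    stripped = re.sub(r"[\d\W_]+$", "", password.lower())
    return stripped.translate(LEET)

def hardened_ok(password, sam_account_name="", min_length=12):
    """Complexity rule plus a longer minimum and a deny-list check."""
    return (ad_complexity_ok(password, sam_account_name, min_length)
            and base_word(password) not in COMMON_BASE_WORDS)

def audit(candidates, sam_account_name=""):
    """Return (password, passes_default, passes_hardened) per candidate."""
    return [(p, ad_complexity_ok(p, sam_account_name),
             hardened_ok(p, sam_account_name)) for p in candidates]

if __name__ == "__main__":
    # Constructed sample passwords.
    for row in audit(["Password1", "P@ssw0rd2012!", "correct-Horse-battery-9"]):
        print(row)
```

The deny-list step is what catches decorated variants of a common word that still satisfy the three-of-five category rule.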

The company investigated more than 40 percent more breaches this past year than in 2010, Percoco said. But while the number of breaches may be disconcerting, arguably even more so is that the number of breaches detected by the victimized organizations themselves stood at only 16 percent. The remaining 84 percent discovered the situation due to third-party information from regulatory bodies, law enforcement or the public.

In cases where the external entity was relied on for detection, the attackers had an average of 173.5 days within the victim’s environment before they were detected.

“The attackers are working very hard to fly under the radar of the organizations they are targeting,” Percoco said. “They perform actions in environments that when taken as a single event are not malicious, but when combined and analyzed by a data breach investigator are indicators of compromise. This is very difficult for target organizations to be able to keep a watch for without the help of an external party for security analysis.”

So what can be done? Here are Trustwave’s top strategic security recommendations for 2012:

Education of Employees – The best intrusion detection systems are neither security experts nor expensive technology, but employees. Security awareness education for employees is the first line of defense.

Identification of Users – Focus on achieving a state where every user-initiated action in your environment is identifiable and tagged to a specific person.

Homogenization of Hardware and Software – Fragmentation of enterprises’ computing platforms is an enemy to security. Reducing fragmentation through standardization of hardware and software, and decommissioning old systems, will create a more homogenous environment that is easier to manage, maintain and secure.

Registration of Assets – A complete inventory or registry of valid assets can provide the insight needed to identify malware or a malicious attack.

Unification of Activity Logs – Combining the physical world with the digital affords organizations new ways to combine activities and logs to identify security events more quickly.

Visualization of Events – Log reviews alone are no longer sufficient. Visualizing methods to identify security events within the organization better narrows security gaps.

“Any organization can be a target, but as detailed in our report findings, those most susceptible are businesses that maintain customer records or that consumers frequent most, including restaurants, retail stores and hotels,” Percoco said in a statement. “We advise organizations review our strategic recommendations for 2012 and take steps toward employing better security across their organizations.”
