Trustwave: Hackers Target Food and Beverage Industry Heavily in 2011

It is not surprising that customer records would be the main target for attackers. But a database of financial records from a major bank is not their most common target – instead it’s the food and beverage industry that has proved most appetizing.

In its 2012 Global Security Report, Trustwave revealed that for the second year in a row, the food and beverage industry comprised nearly 44 percent of the data breach investigations in 2011. Retail businesses were the second largest group, accounting for nearly 34 percent.

The report is based on an analysis of more than 300 data breach investigations and 2,000 penetration tests performed last year. According to Nicholas J. Percoco, senior vice president of Trustwave and head of SpiderLabs, the food and beverage industry in many respects represents the perfect target for an attack.

“There is a very low barrier to entry: remote access with weak passwords or vulnerable solutions in place,” he said in an interview with SecurityWeek. “The attackers can have a great deal of time in the environment before being detected. The data they are after is being replenished on a daily basis.”

Passwords, it turns out, are a weak link in many organizations. According to Trustwave, the problem was not just weak passwords, but shared passwords as well. The most common password used by global businesses is “Password1,” because it satisfies the default Microsoft Active Directory complexity setting.

“[Organizations] should be enforcing stronger passwords, but also decide to use 2-factor authentication for all accounts with remote access and/or administrative rights to systems,” Percoco said.
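
The “Password1” finding above, as an added example (not from the Trustwave report or this article): a simplified Python model of the Active Directory complexity rule next to a stricter check that also rejects common base words. The 7- and 12-character minimums, the denylist contents and all function names are assumptions made for illustration.

```python
import re
import string

# Constructed sample denylist of base words (assumption); a real deployment
# would load a breached-password list instead.
COMMON_BASE_WORDS = {"password", "welcome", "letmein", "qwerty", "admin"}
# Common character substitutions undone before the denylist lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s", "!": "i"})
SPECIALS = set("~!@#$%^&*_-+=`|\\(){}[]:;\"'<>,.?/")


def ad_complexity_ok(password, sam_account_name="", min_length=7):
    """Simplified model of the AD 'must meet complexity requirements' rule."""
    if len(password) < min_length:
        return False
    # The account-name check is skipped for names shorter than three characters.
    if len(sam_account_name) >= 3 and sam_account_name.lower() in password.lower():
        return False
    categories = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c in string.digits for c in password),
        any(c in SPECIALS for c in password),
        # Letters with no case (for example CJK) form the fifth category.
        any(c.isalpha() and not c.isupper() and not c.islower() for c in password),
    ]
    return sum(categories) >= 3  # any three of the five categories


def base_word(password):
    """Strip trailing digits/symbols, lower-case, and undo common substitutions."""
    core = re.sub(r"[\d\W_]+$", "", password).lower()
    return core.translate(LEET)


def hardened_ok(password, sam_account_name="", min_length=12):
    """Complexity rule plus a longer minimum and a denylist on the base word."""
    if not ad_complexity_ok(password, sam_account_name, min_length):
        return False
    return base_word(password) not in COMMON_BASE_WORDS


def audit(candidates, sam_account_name=""):
    """Return {password: (passes_default_rule, passes_hardened_rule)}."""
    return {p: (ad_complexity_ok(p, sam_account_name),
                hardened_ok(p, sam_account_name)) for p in candidates}
```

Running `audit` over a candidate list shows which values pass the complexity rule only because of a capital letter and a trailing digit.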

The company investigated more than 40 percent more breaches this past year than in 2010, Percoco said. But while the number of breaches may be disconcerting, arguably even more so is that the number of breaches detected by the victimized organizations themselves stood at only 16 percent. The remaining 84 percent discovered the situation due to third-party information from regulatory bodies, law enforcement or the public.

In cases where the external entity was relied on for detection, the attackers had an average of 173.5 days within the victim’s environment before they were detected.

“The attackers are working very hard to fly under the radar of the organizations they are targeting,” Percoco said. “They perform actions in environments that when taken as a single event are not malicious, but when combined and analyzed by a data breach investigator are indicators of compromise. This is very difficult for target organizations to be able to keep a watch for without the help of an external party for security analysis.”

So what can be done? Here are Trustwave’s top strategic security recommendations for 2012:

Education of Employees – The best intrusion detection systems are neither security experts nor expensive technology, but employees. Security awareness education for employees is the first line of defense.

Identification of Users – Focus on achieving a state where every user-initiated action in your environment is identifiable and tagged to a specific person.

Homogenization of Hardware and Software – Fragmentation of enterprises’ computing platforms is an enemy to security. Reducing fragmentation through standardization of hardware and software, and decommissioning old systems, will create a more homogenous environment that is easier to manage, maintain and secure.

Registration of Assets – A complete inventory or registry of valid assets can provide the insight needed to identify malware or a malicious attack.

Unification of Activity Logs – Combining the physical world with the digital affords organizations new ways to combine activities and logs to identify security events more quickly.

Visualization of Events – Log reviews alone are no longer sufficient. Visualizing methods to identify security events within the organization better narrows security gaps.

“Any organization can be a target, but as detailed in our report findings, those most susceptible are businesses that maintain customer records or that consumers frequent most, including restaurants, retail stores and hotels,” Percoco said in a statement. “We advise organizations review our strategic recommendations for 2012 and take steps toward employing better security across their organizations.”
