OPM Breach Reach Expands as Cybercriminals Profit
While the latest news about OPM’s breach is worse than initially revealed, a new security report indicates cybercrime is big business for attackers who receive an estimated 1,425% ROI for malware schemes.
While investigating a cyberattack on the information of about 4 million federal employees, officials discovered “a separate intrusion into OPM systems that may have compromised information related to the background investigations of current, former, and prospective federal government employees, and other individuals for whom a federal background investigation was conducted,” Samuel Schumach, OPM’s press secretary, said.
Reports from Bloomberg and the Associated Press said hackers tapped into as many as 14 million personal records, a number OPM would not confirm, citing its continuing inquiry.
In the meantime, Chicago-based Trustwave released its 2015 Trustwave Global Security Report, which revealed the top cybercrime, data breach and security threat trends from 2014.
The report disclosed how much criminals can profit from malware attacks, which data they target, how they get inside, how long it takes for businesses to detect and contain data breaches, what types of businesses criminals are targeting and where the majority of victims are located.
Trustwave experts gathered the data from 574 breach investigations the company’s SpiderLabs team conducted in 2014 across 15 countries, in addition to proprietary threat intelligence gleaned from the company’s five global Security Operations Centers.
Among the key highlights from the report was that attackers received about $84,100 net revenue for each $5,900 investment.
The majority of victims, 81%, did not detect breaches themselves. The report revealed that self-detection led to quicker containment of a breach.
In 2014, for self-detected breaches, a median of 14.5 days elapsed from intrusion to containment. For breaches detected by an external party, a median of 154 days elapsed from intrusion to containment.
In 2014, Trustwave also discovered that 98% of applications tested had at least one vulnerability. The maximum number of vulnerabilities found in a single application was 747. The median number of vulnerabilities per application increased 43% in 2014 from the previous year.
Weak remote access security and weak passwords tied as the vulnerabilities most exploited by criminals in 2014. Weak remote access security or weak passwords contributed to 94% of POS breaches.
“Password1” was still the most commonly used password. Thirty-nine percent of passwords were eight characters long. The estimated time it took Trustwave security testers to crack an eight-character password was one day. The estimated time it would take to crack a 10-character password was 591 days.
Retail was the most compromised industry, making up 43% of Trustwave’s investigations, followed by food and beverage (13%) and hospitality (12%). Forty-two percent of investigations were of e-commerce breaches. Forty percent were of POS breaches.
In 31% of cases, Trustwave investigators found attackers targeted payment card track data. Track data is the information on the back of a payment card that’s needed for an in-person transaction.
“To defend against today’s sophisticated criminals, businesses must see attacks from their front windshield instead of their rear view mirror,” Trustwave Chairman, CEO and President Robert J. McCullen said.
The FBI recently released a warning about new malware called Punkey, uncovered by Trustwave, which scans and scrapes unencoded, plaintext credit card information in the RAM of payment-processing devices such as card readers and POS terminals.
The malware inserts itself into computers, performs system scans, encrypts hacked information, and then connects to remote servers used to store and retrieve stolen credit card data. Cybercriminals then post appropriated data for sale online.