Social engineering attacks are hackers’ preferred method to get access to your system

Hackers prefer social engineering attacks and are more interested in using ransomware than stealing payment data, according to new research from Trustwave, the cybersecurity company.

The new report looked into what the threat landscape in 2019 looked like by analysing a trillion logged security and compromise events, hundreds of hands-on data-breach and forensic investigations, penetration tests and red teaming exercises, network vulnerability scans and internal research.

“Our 2019 findings depict organisations under tremendous pressure contending with adversaries who are methodical in selecting their targets and masterful at finding new pathways into environments as the attack surface widens,” said Arthur Wong, CEO of Trustwave. “We continue to see the global threat landscape evolve through novel malware delivery, inventive social engineering and the ways malicious behaviours are concealed. How fast threats are detected and eliminated is the top cybersecurity priority in every industry.”

Social engineering grew in popularity among bad actors in 2019, with more than half of the incidents by investigated by Trustwave analysts being the result of phishing or other social engineering tactics, up from 33% in 2018.

It also seemed as if ransomware had overtaken payment card data in breach incidents for the first time. Of the incidents, 18% in 2019 were ransomware attacks whilst 17% compromised payment data.

Trustwave also noted that attacks against cloud services jumped from 7% to 20% of the investigated incidents in the year. That being said, corporate environments continue to lead all environments targeted by cybercriminals at 54% slightly down 2% followed by e-commerce at 22% down 5% when compared to 2018.

It also seemed as if efforts to fight back against malware-infected spam have been somewhat successful, with it dropping 45.3% in 2018 to 28.3% in 2019. O CVE-2014-0780 giving remote attackers the ability to read administrative passwords in app files and execute arbitrary code in unspecified web requests.

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.