Sophisticated malware and targeted attacks aren’t the only danger, study finds.
Premeditated cyber-attacks are on the rise, and malware is growing more sophisticated by the day, but despite elevated security techniques, phishing continues to compromise networks.
This is according to a study by security firm Trustwave, which suggested that cybercrime is becoming increasingly difficult to tackle.
It’s a long-repeated standpoint, but in its 10th annual Global Security Report released last week, Trustwave suggested that people are just as responsible for cybersecurity as the methods they employ.
Phishing attacks and social engineering were studied by researchers, who found that although these threats are decreasing in number, they are still the leading method used to compromise networks and devices.
In fact, 55% of workplace hacks were enabled by phishing campaigns.
And while email spam has declined, with spam accounting for only 39% of messages, 26% of junk messages still contained malware.
The firm tested malware samples and discovered that malware, too, was becoming more sophisticated.
They found that 30% used obfuscation to avoid detection, and 90% employed persistence techniques – allowing the malware to reload after a reboot.
Around 40% of the attacks observed used cross-site scripting (XSS), whereas 24% used SQL injection and 3% employed DDoS attacks.
Web apps are still littered with holes in their security, and the majority are being left wide open to attack, according to the study.
Trustwave noted that all of the web applications it tested for vulnerabilities had at least one weakness present.
The median number of app vulnerabilities was 11, and the majority involved session management – allowing a hacker access to the user’s session in order to take their data.
Steve Kelley, CMO at Trustwave, said: “Security is as much a ‘people’ issue as it is a technology issue.
“To stay on par with determined adversaries, organizations must have access to security experts who can think and operate like an attacker while making best use of the technologies deployed.”