Report: Food And Beverage Industry Hit Most By Breaches In 2010

Nearly one-third of breaches likely the work of a single organized crime group

ARLINGTON, VA -- Black Hat DC -- Restaurants and other food and beverage establishments accounted for nearly 60 percent of all breaches last year, and most attacks in all industries were due to weaknesses in third-party software, according to a newly released report.
Trustwaves 2011 Global Security Report, which draws data from actual breach investigations and research conducted by Trustwaves SpiderLabs in 2010, also revealed that nearly one-third of all breaches last year appear to have been the work of a single organized crime operation. Some 32 percent of attacks in the report came out of the Russian Federation, and 24 percent from unknown origins.
There also was a major jump in attacks using malware: around 76 percent of these attacks involved data-harvesting malware, according to Nicholas Percoco, senior vice president and head of SpiderLabs: Theyre going in more directly using malware to do more of the dirty work.
That number was up 23 percent from 2009, according to the report.
Malware is how the problem starts, as the payload, and then for exfiltration. We see malware finding its way into some or all of the components of the attack, Percoco says.
But its mostly the same techniques and malware, with tweaked code, he says.
In 2009, Trustwave found that hospitality was the No. 1 most hacked industry, whereas food and beverage was in 2008. Retail is now No. 2, with 18 percent of the attacks last year, and hospitality with 10 percent. Why the shuffle this year? The [criminals] find something that works, and stamp it out as fast as they can, Percoco says. They may breach a particular coffee shop, for instance, and then find other similar shops with the same operating systems, and other characteristics. They footprint the OS, for example, and write tools that scan for those specific systems in other establishments, he says.
Meanwhile, 88 percent of breaches were due to the insecure code or poor security in managing third-party applications. And 66 percent of the breach investigations included data stolen in transit, rather than stored data.
A full copy of the report can be downloaded
here
.
Have a comment on this story? Please click Discuss below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Report: Food And Beverage Industry Hit Most By Breaches In 2010