Sharp rise in attacks on point of sale in 2016: Report

Register now

North America remains a favorite target for hackers, with incidents at the point of sale rising dramatically in 2016 and payment card data again proving to be the most at risk, according to new research from Trustwave.

Nearly half of all data breaches investigated by Chicago-based Trustwave were in North America, the 2017 Global Security Report stated.

Attacks affecting POS systems increased to 31% last year, up from 22% in 2015. The attacks most commonly took place in the U.S., which has been slower to adopt the EMV chip-card payment standard.

Indeed, magnetic stripe card data tracks were involved in 33% of the incidents, primarily in a POS environment, while card-not-present data was involved in 30% of incidents, mostly from e-commerce transactions.

Financial credentials, including account names and passwords, accounted for 18% of incidents.

"Cybersecurity in 2016 had both highlights and lowlights," Trustwave chief executive officer and president Robert J. McCullen said in a June 20 press release. "As our data breach investigations and threat intelligence show, attackers continue to evolve their tactics and focus on extreme paydays as cybercrime becomes more like genuine businesses."

Trustwave's Global Security report includes data from billions of security and compliance events based on forensic investigations in thousands of locations across 21 countries.

In some good news, Trustwave noted that intrusion detection is improving. The median number of days from an intrusion to the detection of a compromise decreased to 49 days in 2016 from 80.5 days the previous year — with values ranging from zero days to almost 2,000 days. The median for internal detection was 16 days, while externally detected incidents had a 65-day median.

After detection, victims were able to contain the breaches quickly, the report said. The median number of days from detection to containment was 2.5 last year.

It is also becoming increasingly important for business owners and their employees, as well as consumers, to be aware of spam as a potential threat.

Eighty-three percent of the malware samples that Trustwave said it examined last year used obfuscation to hide, while 36% used encryption.

At the same time, 35% of spam messages contained malware, up from only 3% in 2015. Sixty percent of all inbound e-mail was spam, up from 54% in 2015.

For reprint and licensing requests for this article, click here.
Network security Point-of-sale