New Trustwave Report Underscores Progressing Global Cybersecurity Threats

Trustwave today released the 2019 Trustwave Global Security Report, which reveals the top security threats, breaches by industry and cybercrime trends from 2018.
The report is based on the analysis of billions of logged security and compromise events worldwide, hundreds of hands-on data-breach and forensic investigations, manual penetration tests, network vulnerability scans and internal research. Findings illustrate cybercriminals deviating towards a more focused approach against targets by using better obfuscation techniques and improved social engineering skills as organizations improve in areas such as time to detection and response to threats.
Key findings from the 2019 Trustwave Global Security Report include:
- Asia Pacific and retail lead in data breaches -- The Asia-Pacific region led in the number of data compromises investigated, accounting for 35% of instances and overtaking North America at 30%, down from 43% in 2017. Europe, Middle East and Africa (EMEA) came in third at 27%, followed by Latin America & Caribbean (LAC) at 8%. The retail sector experienced the highest number of incidences at 18%. The finance sector came in second at 11% and hospitality third at 10%, each slightly dropping from 13% and 12%, respectively, from the previous year.
- Email threats becoming more focused -- Spam messages analyzed containing malware significantly diminished in 2018, to 6% from 26% in 2017. This drop can be attributed to a shift in tactics to shorter, more regional campaigns from Necurs, the largest malicious spamming botnet. For example, sextortion email campaigns designed to dupe victims into paying large ransoms by playing on fears that compromising videos exist on the recipient was nearly non-existent in 2017 yet rose toward the end of 2018 to account for 10% of all spam analyzed.
- Malware becoming harder to detect -- Slightly down from the previous year, the largest single category of malware encountered was downloaders at 13%. Remote access Trojans (RATs) at 10% and web shells at 8%, both of which give attackers extensive control over compromised computers, were the second and third most common types of malware discovered. Memory scrapers and dumpers used to steal payment card numbers from point-of-sale (POS) systems saw a sharp decline from 16% in 2017 to just 8% in 2018 as Europay, Mastercard and Visa (EMV) chip technologies become more prevalent. Sixty-seven percent of malware analyzed used obfuscation to help avoid detection, an astounding leap from 30% the previous year.
- Denial-of-service tops database vulnerability patching -- The number of vulnerabilities patched in five of the most common database products was 148, up from 119 in 2017. At 62%, denial-of-service (DoS) vulnerabilities used primarily for disruption accounted for the most vulnerabilities discovered across all major platforms in 2018. Far more serious information disclosure and privilege-escalation vulnerabilities used to gain unauthorized access and manipulate sensitive data accounted for 8.7% and 8.1% of patching incidents, respectively.
- Social engineering: cybercrime’s favored method of compromise -- Social engineering was the top method of compromise in 2018 in every environment analyzed other than e-commerce. In both cloud and POS environments, 60% of breach investigations can attribute successful social engineering as the conduit to initial point of entry. Social engineering in corporate and internal environments were slightly less yet significant at 46%. Analysis of phishing scams targeting those with authority to transfer company funds, known as business email compromise (BEC) or CEO fraud, revealed interesting results: 84% of BEC messages used free webmail services for distribution, 12% used spoofed company domains and 4% elected to employ misspelled or lookalike domain names to deceive recipients.
- Card-not-present data most valued by cybercriminals -- Payment card data led in the types of information most coveted by cybercriminals, comprising 36% of breach incidents observed. Most notable: card-not-present data at 25% rose 7% from the previous year largely due to increased Magecart attacks targeting e-commerce sites, while magnetic stripe data fell 11%, coming in at 11% of incidents observed in 2018. The decline in magnetic stripe data incidents can be correlated with increased global adoption of EMV chip technology designed to better protect POS systems.
- Marked improvements in threat response time -- The median time duration from threat intrusion to containment fell to 27 days, from 67 days in 2017, and the median time between intrusion and detection for externally detected compromises fell to 55 days, down from 83 days in 2017. Adoption of technologies such as endpoint detection and response (EDR), behavioral analytics and stronger organizational security maturity helped lead to improvements.
- Cryptojacking dominates web-based attacks -- A steep year-over-year increase of 1,250% was observed in cryptojacking malware, which was almost non-existent in 2017. Used to covertly place legitimate JavaScript coin miners on websites or infect carrier-grade routers, cryptojacking malware illegally mines cryptocurrency for cybercriminals using the computing resources of unsuspecting victims. In 97% of the 2,585 websites observed that were known to be compromised, the now-defunct Coinhive miner was preferred.
- All web applications found to be vulnerable -- For a second straight year, 100% of web applications tested possessed at least one vulnerability, with the median number of vulnerabilities rising to 15, up from 11 in 2017. Of more than 45,000 vulnerabilities discovered by Trustwave penetration testers, 80% were classified as low risk, with the remaining 20% deemed medium to critical. The most common critical weakness involved omission of Microsoft Security Update MS17-010, which fixes the ETERNALBLUE vulnerability in the Server Message Block (SMB) protocol used for local network communication.
- Corporate and internal networks at most risk -- Fifty-seven percent of the incidents investigated involved corporate and internal networks (up from 50% in 2017), followed by e-commerce environments at 27%. Incidents impacting POS systems decreased by more than half to just 9% of the total occurrences reflecting EMV use as a successful technology.
“Our 2018 findings portray a story about adaptiveness, both from a business and cybercriminal perspective,” said Arthur Wong, Chief Executive Officer at Trustwave. “We are seeing the global threat landscape continue to evolve as cybercriminals deterred by advanced monitoring and detection systems go to extraordinary lengths to breach organizations by wielding new malware variants, zero-day exploits and social engineering savvy. It’s becoming imperative for businesses accelerating digital transformation to implement security programs that can quickly address attack innovation and ever-changing environments through leading-edge technologies and high-level security expertise.”
source trustwave
Industry: Cyber Security News

Latest Jobs
-
- Account Manager - IT Services
- Germany
- €90000 plus OTE and Car
-
Are you a deal closer with a hunter mindset? Do you know how to uncover business pain points, and turn them into long-term digital transformation partnerships? Our Client are growing their sales force across Germany and looking for an ambitious, straight-talking Account Manager to take the lead on new client acquisition. You’ll focus on mid-sized to large enterprises across Germany helping to shape their digital future with tailored IT solutions in Workplace, Cloud, and Security. • Drive Growth: Own the full sales cycle for new business across your region. • Solution Sell: Build bespoke offers in Security, Digital Workplace and Cloud solutions • Build Relationships: Establish a solid pipeline through smart prospecting, marketing-driven leads, and your own network. • Represent a brand known for trust, delivery, and tech excellence—with 4,000 employees globally and a growing team within Germany. What You Bring • Proven new logo sales experience in the IT services space (not hardware!) • Deep knowledge in one or more of: Cybersecurity, Digital Workplace, or Cloud • Confidence to lead enterprise deals and pitch directly to senior stakeholders • Fluent German and good English skills Sind Sie ein Abschlussprofi mit Hunter-Mentalität? Wissen Sie, wie man geschäftliche Pain Points identifiziert und in langfristige Partnerschaften zur digitalen Transformation verwandelt? Unser Kunde baut derzeit sein Vertriebsteam in ganz Deutschland aus und sucht eine ambitionierte, ehrliche Persönlichkeit als Account Manager, die den Lead bei der Neukundengewinnung übernimmt. Ihr Fokus liegt auf mittelständischen bis großen Unternehmen in Deutschland, denen Sie mit maßgeschneiderten IT-Lösungen in den Bereichen Workplace, Cloud und Security den Weg in die digitale Zukunft ebnen. Ihre Aufgaben • Wachstum vorantreiben: Verantwortung für den gesamten Vertriebszyklus im Neugeschäft Ihrer Region. • Lösungsorientierter Vertrieb: Entwicklung individueller Angebote in den Bereichen Security, Digital Workplace und Cloud-Lösungen. • Beziehungen aufbauen: Aufbau einer stabilen Pipeline durch gezielte Ansprache, marketinggenerierte Leads und Ihr eigenes Netzwerk. • Marke repräsentieren: Werden Sie Teil eines Unternehmens mit 4.000 Mitarbeitenden weltweit und einem stark wachsenden Team in Deutschland – bekannt für Vertrauen, Verlässlichkeit und technologische Exzellenz. Was Sie mitbringen • Nachgewiesene Erfahrung in der Neukundenakquise im Bereich IT-Services (kein Hardwarevertrieb!) • Fundiertes Wissen in mindestens einem der Bereiche: Cybersecurity, Digital Workplace oder Cloud • Selbstbewusstes Auftreten im Umgang mit Enterprise-Deals und Entscheidungsträgern auf Top-Level • Verhandlungssichere Deutschkenntnisse und gute Englischkenntnisse
-
- Senior SOC Analyst Level 3. Microsoft Security stack | Ability to achieve SC Clearance
- London
- To attract the right person
-
Job Title: Senior SOC Analyst Level 3. Microsoft Security stack | Ability to achieve SC Clearance Location: Hybrid remote | London / Berkshire Overview: Senior SOC Analyst Level 3 to join a specialist Managed Security Services business. You will be responsible for advanced threat hunting / triage, incident response etc with a strong focus on the Microsoft Security Stack. Key Responsibilities: Lead and resolve complex security incidents / escalations Conduct advanced threat hunting using the Microsoft Security Stack. Build, optimise and maintain workbooks, rules, analytics etc. Correlate data across Microsoft 365 Defender, Azure Defender and Sentinel. Perform root cause analysis and post-incident reporting. Aid in mentoring and upskilling Level 1 and 2 SOC analysts. Required Skills & Experience: The ability to achieve UK Security Clearance (SC) – existing clearance ideal. (Sorry no visa applications) Current experience working with a SOC environment Microsoft Sentinel: Development and tuning of custom analytic rules. Workbook creation and dashboarding. Automation using Playbooks and SOAR integration. Kusto Query Language (KQL): Writing complex, efficient queries for advanced threat hunting and detection. Correlating data across key tables (e.g., SignInLogs, SecurityEvent, OfficeActivity, DeviceEvents). Developing custom detection rules, optimising performance, and reducing false positives. Supporting Sentinel Workbooks, Alerts, and Playbooks through advanced KQL use. Deep understanding of incident response, threat intelligence and adversary techniques (MITRE ATT&CK framework). Strong knowledge of cloud and hybrid security, particularly within Azure. Additional Requirements: Must hold or be eligible to achieve a minimum of Security Clearance (SC) level. Nice to have certifications (e.g., SC-200, AZ-500, GIAC) are desirable. Strong problem-solving and analytical skills. Excellent communication for clear documentation and team collaboration. Please follow Wheaton’s Law.
-
- New Business Sales Hunter | Cyber Security (UK Based)
- London
- To attract the right person
-
New Business Sales Hunter needed | Cybersecurity (UK Based) Are you looking for uncapped commission, a fun and sociable team that drives success with no politics? If so...You must Be UK based - and able to achieve UK SC clearance. (sorry no visas) Have a demonstrable history of sales success in Cyber Security Follow Weatons law. The role: Seeking a proven New Business Sales Hunter to join an established, successful and expanding cyber security firm. New business focused - £1m GP year one target (ramped). Sell a blend of security services & professional services. Ideal experience selling some or all of the following Cyber strategy & risk management Managed detection & response (MDR) Penetration testing Compliance & audit support You: Strong cybersecurity/IT services sales track record. Confident selling into mid-market & enterprise. UK based - London commutable 1x per week. Hunter mindset, full sales cycle ownership. Don't just send an email to apply give me a call on 07884666351
-
- CyberArk Architect
- London
- Upto £110,000 plus bonus and benefits
-
Are you ready to lead from the front and drive innovation in the Identity & Access Management (IAM) space? We’re looking for a seasoned CyberArk Architect who has CDE-CPC ideally or experience with privilege Cloud, someone who can lead with vision, execute with precision, and inspire teams to deliver excellence. As a key leader in our organisation, you’ll bring your strong business acumen and a technology-focused, innovative mindset to the table. You’ll be driving strategic initiatives, shaping transformation programs, and empowering teams to think big and deliver even bigger. Acting as a subject matter expert in CyberArk Leading strategic transformations in: Identity Governance Privileged Access Management (PAM) Access Management Customer Identity and Access Management (CIAM) Building and maintaining strong, collaborative relationships within the team Communicating clearly and confidently — both written and verbal — to deliver updates, raise potential issues, and share insights If you are interested in the above position we are looking for people with: deep expertise and a successful track record in IAM strategy, delivery, or assurance with CyberArk Hold relevant certifications such as CDE in Privileged Cloud or Guardian Have experience in a client-facing role (preferred, but not essential) Thrive in a hybrid working environment and are available to work from our or client London office three days a week Lead with clarity, communicate with impact, and adapt quickly to changing priorities