Trustwave hasn’t investigated any cases of location-aware malware facilitating a physical crime, but the possibly presents a serious physical security concern, says Percoco.
Trustwave Spiderlabs’ 2012 Global Security report will be available Tuesday from the Trustwave Web site and discusses 2011’s trends in cybersecurity and predictions for 2012. The first part of the report deals with investigations. The second part of the report focuses on analysis of the data pulled from penetration testing and more than 2,000 ethical hacking exercises performed in 2011.
In 76 percent of all incidents investigated by Trustwave, third parties were responsible for maintaining information technology systems.
“That becomes a problem because organizations are relying on a third party to manage their systems. Once the organization as customers of those third parties become better aware of those security risks, they are more of an informed consumer of those services and can ask the right questions like who has access to those systems or putting policies in place to maintain the security of those systems,” Percoco said.
Trustwave also found that 80 percent of hackers moved from system to system within in an environment by cracking weak administrator passwords. Analysis found that the most common password used by global businesses was “Password1” because it satisfies the default Microsoft Active Directory complexity setting.
“They were literally just guessing passwords,” Percoco said.
photo by miss_hg/flickr