A report from security firm Trustwave found that attackers favor companies with chains of outlets, such as those commonly found in the food and retail industries, when launching targeted attacks.
The attackers like the uniform IT infrastructure that large chains deploy at individual sites, Nicholas Percoco, head of Trustwave’s SpiderLabs team, told V3.
When one location is compromised, attackers then have a set of tools and information which can be used to infiltrate any number of additional shops within the chain, he added.
“They know what that brand name restaurant looks like, they know what ingredients and systems are being shipped,” Percoco said.
“When you plug your store into the internet those systems look a certain way, there are certain ports open, so they know what those look like and when they find one location they can build tools to find other locations.”
Percoco noted that the trend is less prevalent in Europe than in other regions, in part because European attackers seem to prefer targeting poorly-maintained e-commerce sites rather than more secure retail locations.
The report, which was compiled from a collection of customer investigations and honeypot operations, also found that criminals are increasingly reliant on a type of malware known as memory parsing.
The technique, which is used to evade encryption tools, places the malicious components inside a system’s memory, intercepting and re-routing data before it can be encoded.
The stolen data is then transmitted over a secured HTTP connection to avoid identification by administrators.
Users, meanwhile, are still maintaining poor password practices despite the best efforts of administrators and vendors.
Trustwave found that one of the most commonly used passwords was ‘Password1.’ The phrase is among the simplest passwords that meet Windows’ requirements for a ‘secure’ passcode.
Rather than rely on secure password settings, Percoco recommends that administrators consider the use of two-factor authentication.
“When we look at our investigations, greater than 60 per cent of attacks were remote access and a high per cent of that was insecure passwords,” he explained.
“If you have systems that are sitting on the internet, having a static user name and password is a bad idea.”
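The ‘Password1’ finding above can be reproduced with a simplified model of the Windows complexity rule (three of five character categories, no account name inside the password), shown next to a screen for common base words. This is an added example, not code from the Trustwave report; the minimum length, the word list and all function names are assumptions.

```python
import re

MIN_LENGTH = 8  # assumed value; minimum length is a separate policy setting
# Constructed sample list for illustration; a real screen would use a large corpus.
COMMON_BASES = {"password", "welcome", "letmein", "qwerty", "admin"}
# Common character substitutions, undone before comparing against the list.
SUBSTITUTIONS = str.maketrans("013457@$!", "oleastasi")


def char_classes(password):
    """Return the character categories present (simplified model of the rule)."""
    classes = set()
    for ch in password:
        if ch in "0123456789":
            classes.add("digit")
        elif ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isalpha():
            classes.add("other-letter")  # letters without case
        else:
            classes.add("symbol")
    return classes


def meets_complexity(password, account_name=""):
    """Complexity-style check: length, three categories, no account name."""
    if len(password) < MIN_LENGTH:
        return False
    # The account-name check is skipped for names shorter than three characters.
    if len(account_name) > 2 and account_name.lower() in password.lower():
        return False
    return len(char_classes(password)) >= 3


def is_common_variant(password):
    """True if the password is a common word plus trailing digits or symbols."""
    base = re.sub(r"[^a-z]+$", "", password.lower())  # drop the trailing suffix
    return base.translate(SUBSTITUTIONS) in COMMON_BASES


def acceptable(password, account_name=""):
    """Hardened check: complexity rule plus the common-word screen."""
    return meets_complexity(password, account_name) and not is_common_variant(password)


if __name__ == "__main__":
    for candidate in ("Password1", "P@ssw0rd!", "correct-Horse-7battery"):
        print(candidate, meets_complexity(candidate), acceptable(candidate))
```

A screen like this only narrows the set of guessable passwords; it does not address the static-credential problem on internet-facing systems that the two-factor recommendation targets.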