The volume of attacks on cloud services more than doubled in 2019, in line with the trend of organizations increasingly moving operations to the cloud, according to the 2020 Trustwave Global Security Report. Amongst a range of cybersecurity trends from 2019 that were highlighted, cloud services are now the third most targeted environment by cyber-criminals. In total, this amounts to 20% of investigated incidents, representing an increase of 7% from the previous year.
Corporate remains the most targeted environment at 54%, down by 2% on the previous year. This is followed by eCommerce at 22%, a reduction of 5% compared with 2018.
The report also showed that, for the first time, ransomware attacks overtook payment card data in the frequency of breach incidents, with success rates of ransomware, at 17%, slightly higher than the total percentage of incidents involving card-not-present and track data.
Another major finding in the study was that there was a substantial reduction in the amount of spam emails hitting organizations, at 28.3% in 2019 compared with 45.3% in 2018. This is due to several large spamming operations either reducing activities or completely eradicating them.
The report is comprised of information gained by Trustwave on a trillion logged security and compromise events, hundreds of hands-on data breach and forensic investigations, penetration tests and red teaming exercises, network vulnerability scans and internal research. It has highlighted how cyber-criminals are constantly evolving their tactics to target organizations and individuals.
“Our 2019 findings depict organizations under tremendous pressure contending with adversaries who are methodical in selecting their targets and masterful at finding new pathways into environments as the attack surface widens,” commented Arthur Wong, chief executive officer at Trustwave. “We continue to see the global threat landscape evolve through novel malware delivery, inventive social engineering and in the ways malicious behaviors are concealed. How fast threats are detected and eliminated is the top cybersecurity priority in every industry.”