The Trustwave report reveals some shocking statistics. Where it was an outside organization, rather than the business itself, that pushed for a forensics investigation, "analysis found that attackers had an average of 173.5 days within the victim's environment before detection occurred." Businesses that did so-called "self-detection" to detect attackers on their own did a little better -- the hackers only spent an average of 43 days inside their networks after the initial compromise.
And in a case from Europe last year in which a payment service provider was hacked and multiple servers and a wide-area network of more than 1,000 hosts were attacked, Trustwave says it identified the "single point of weakness as a legacy X.25 node."
The X.25 protocol, which was widely used in the 1980s to build wide-area networks, still finds use today with financial institutions for inter-bank data exchange, the report states. The attacker in this case "identified an internal development system and proceeded to re-write a well-known rootkit on the HP-UX operating system. The rootkit was then installed across a number of cardholder data processing servers to mask the presence of other malicious programs introduced by the attacker."
Trustwave says the "malicious scripts harvested cardholder data by terminating the legitimate instances of payment-processing software and then restarting the software with a Trojanized-debugger attached. The debugger captured all inter-process communications including unencrypted payment card data from within the system memory, which was otherwise encrypted when at rest on the disk and in transit on the network."
This attack went on from almost 18 months and the "attacker was only identified when a subtle flaw within their own customized malware alerted the payment service provider's operational staff to suspicious activity."
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.
Read more about wide area network in Network World's Wide Area Network section.