The research includes data collected over the last three months from global
NTT Security managed security service (MSS) platforms and a variety of open-source intelligence tools and honeypots.
The report is very interesting and full of precious information, it is organized in the following sections:
Let’s analyze in detail each session:
NTT Security Global Threat Intelligence Center observed significant increase (+24% from Q2 ‘17) in the number of security events during Q3 ’17, Finance was a privileged target of threat actors, experts observed a notable increment of detection of malicious activities in Q3 ’17 (+25%).
The experts observed a worrisome increase in the number of phishing campaigns and malware infections, up more than 40 percent since Q2 ‘17.
“Attack techniques have shifted from formal reconnaissance and exploitation to an increased dependency on botnet infrastructure, phishing campaigns, malicious attachments and links.” states the report.
Interesting the data related to the attack sources, The Netherlands leads the Top Ten char, followed by China, the novelty is represented by India that made a huge jump from outside the number three.
Attacks from China moved up from the number three spot in Q2 ’17 to number two in Q3 ’17.
The presence of China doesn’t surprise any more, but it is interesting to highlight that during Q3 ’17, finance and manufacturing were the most heavily targeted industries from Chinese attackers, with 40 percent and 31 percent, respectively.
NTT Security confirms that for the past five years IP addresses in China have ranked within the top three of all source countries (consider also that IP addresses within the United States have always been the number one source of attacks).
“It is important to note that the term “Chinese sources” does not imply attribution, necessarily, to any entity associated with China. Threat actors often route through several nodes, making it difficult to determine the true source of malicious activity” continues the report.
The report highlights the danger of insider threats, 30 percent of them will put an organization at risk, in most cases organizations totally ignore the risks.
The report distinguishes “Accidental Threat Facts” such as Accidental disclosure (e.g., unsecured databases, default internet-facing username and password logins), Improper or accidental disposal of physical records (e.g.,disposal of paper without shredding.), Accidental damage (e.g., accidental misconfiguration or command which results in loss of data or connectivity) from “Malicious Insider Threat.”
According to the experts, Insider threats cost organizations more than $30 million.
“In 2016, large organizations with more than 75,000 employees spent an average of $7.8 million to address and resolve a single insider threat incident, while small organizations of between 1,000 and 5,000 employees and contractors spent an average of $2 million per incident.” states the report.
Below a summary of other key findings in the Q3 Global Threat Intelligence Center Quarterly Threat Intelligence Report include:
The NTT Security Q3 Threat Report can be downloaded for free at www.nttsecurity.com/en-us/gtic-2017-q3-threat-intelligence-report.
(Security Affairs – Quarterly Threat Intelligence Report, Global Threat Intelligence Center)