– BUSINESS & PROFESSIONAL SERVICES, GOVERNMENT, HEALTHCARE AND RETAIL

NTT Group report shows 25 passwords account for a third of authentication attempts; phishing attacks responsible for three-quarters of all malware

NTT Security, the specialised security company of NTT Group, has launched its 2017 Global Threat Intelligence Report (GTIR), which analyses global threat trends based on log, event, attack, incident and vulnerability data [1 October 2015 to 31 September 2016]. Analysing content from NTT Group operating companies, including NTT Security, Dimension Data, NTT Communications and NTT Data, and data from the Global Threat Intelligence Center (formerly known as SERT), the report highlights the latest ransomware, phishing and DDoS attack trends and demonstrates the impact of today’s threats against global organisations.

With phishing now widely used as a mechanism for distributing ransomware – a form of malware designed to hold data or devices hostage – the report reveals that 77% of all detected ransomware globally was in four main sectors – business & professional services (28%), government (19%), healthcare (15%) and retail (15%).

While technical attacks on the newest vulnerabilities tend to dominate the media, many attacks rely on less technical means. According to the GTIR, phishing attacks were responsible for nearly three-quarters (73%) of all malware delivered to organisations, with government (65%) and business & professional services (25%) as the industry sectors most likely to be attacked at a global level. When it comes to attacks by country, the U.S. (41%), Netherlands (38%) and France (5%) were the top three sources of phishing attacks.

The report also reveals that just 25 passwords accounted for nearly 33% of all authentication attempts against NTT Security honeypots last year. Over 76% of log on attempts included a password known to be implemented in the Mirai botnet – a botnet comprised of IoT devices, which was used to conduct, what were at the time, the largest ever distributed denial of service (DDoS) attacks.

DDoS attacks represented less than 6% of attacks globally, but accounted for over 16% of all attacks from Asia and 23% of all attacks from Australia.

Finance was the most commonly attacked industry globally, subject to 14% of all attacks. The finance sector was the only sector to appear in the top three across all of the geographic regions analysed, while manufacturing appeared in the top three in five of the six regions. Finance (14%), government (14%) and manufacturing (13%)were the top three most commonly attacked industry sectors.

Steven Bullitt, Vice President Threat Intelligence & Incident Response, GTIC, NTT Security, says: “The GTIR is the most comprehensive report of its kind, based on analysis of trillions of security logs over the past year. We identified more than six billion attempted attacks over the 12-month period – that’s around 16 million attacks a day – and monitored threat actors using nearly every type of attack. We assisted organisations with data breach investigations, collected and analysed global threat intelligence, and performed our own security research. The lessons learned from all these efforts are directly reflected in the recommendations throughout this report.

“Our end goal is not to create fear, uncertainty and doubt or to overcomplicate the current state of the threat landscape, but to make cybersecurity interesting and inclusive for anyone facing the challenges of security attacks, not just security professionals. We want to ensure everyone is educated about these issues and understands that they have a personal responsibility when it comes to the protection of their organization, and that the organisation has an obligation to help them do so.”

To learn more about the most important global threats and the actions that management, technical staff and users can take to improve their security posture, follow the link to download the NTT Security 2017 GTIR: www.nttsecurity.com/GTIR2017

Summary of other key global findings:

·       Top attack source countries: United States (63%), United Kingdom (4%), China (3%)

• 32% of organisations had a formal incident response plan up from an average of 23% in previous years.
• 59% of all incident response engagements were in the top four industries – healthcare (17%), finance (16%), business and professional services (14%), and retail (12%).
• Over 60% of incident response engagements were related to phishing attacks.
• Incident engagements related to ransomware were the most common incidents (22%).
• 56% of all incidents in finance organizations were related to malware.
• 50% of all incidents in health care organisations were related to ransomware incidents.

With visibility into 40 per cent of the world’s internet traffic, NTT Security summarises data from over 3.5 trillion logs and 6.2 billion attacks for the 2017 Global Threat Intelligence Report (GTIR). Analysis is based on log, event, attack, incident and vulnerability data. It also includes details from NTT Security research sources, including global honeypots and sandboxes in over 100 different countries in environments independent from institutional infrastructures.