2018 Global Threat Intelligence Report: Finance sector attacks increase to 26% making it the most attacked sector

Global — 25 April 2018  NTT Security report shows ransomware detection up 350% and spyware ranks first in volume of malware at 26% reflecting attackers’ desire for long-term presence for information gathering

NTT Security, the specialised security company and center of excellence in security for NTT Group, has launched its 2018 Global Threat Intelligence Report (GTIR), which reveals the number of attacks on the finance sector has increased over the previous year, rising to 26% from 14% while ransomware detection increased by a staggering 350%, to account for 7% of global malware in 2017.

NTT Security summarizes data from over 6.1 trillion logs and 150 million attacks for the 2018 GTIR, which analyzes global threat trends based on log, event, attack, incident and vulnerability data from NTT Group operating companies and highlights the latest ransomware, phishing and DDoS attack trends demonstrating the evolving threat landscape faced by global organizations.

The report also shows attack volume targeting the technology sector increased 25%, driving the sector up sharply to 19% of all attacks, making it the only sector to appear in the top five most attacked sectors in every geographic region (Americas, APAC, EMEA and Japan, as well as globally). Conversely, government targets became far less of a priority and dropped to just 5%. Finance, retail and manufacturing were among the top five attacked industry sectors in four of the five regions analyzed.

Change dominated the global cybersecurity landscape with shifts observed between attack targets, source and destination attack profiles and the types of technologies attacked. The rise in ransomware detection by 350% illustrated the ever more reliable exploits developed by attackers for high profile vulnerabilities, as the likes of WannaCry set a new standard for the speed in which it spread, affecting 400,000 machines and 150 countries within the space of a day. The surface for attacks continued to expand rapidly, fuelled by cloud and mobility, which has seen identity become the new perimeter further exacerbating the need for multi-factor authentication adoption.

Globally, spyware/keyloggers topped the list of detected malware at 26% and was a particularly notable mode of attack in the finance sector, indicating the desire attackers have for long-term presence in pursuit of information gathering. Second at 25% were trojan/droppers and virus/worms third at 23%.

In contrast to the changes observed, one constant is the trend which shows cybercriminals using regional sources to attack and assigning attribution for a specific attack remains one of the biggest challenges. Data gathered by NTT Security shows globally and regionally, a significant number of attacks originate within the same region and often the same country as the victim, while the attacker typically carries out attacks from somewhere entirely different. For example, while the Netherlands appears in the top six attack sources in every region, it is more likely cybercriminals in other locations around the world are using resources within the Netherlands to conduct those attacks. Compromised systems, purchased hosting, outsourced exploit kits and botnets are making it easier for attackers to maximize local resources and obfuscate their trail.

Jon Heimerl, senior manager of the Threat Intelligence Communication Team, Global Threat intelligence Center at NTT Security, says: “The GTIR clearly demonstrates the uphill battle organizations face in achieving an optimal balance between operational security and compliance initiatives. In order to be successful they cannot afford to be complacent and must recognize that having a firm grasp on what it takes to remain secure is a fundamental part of everyday business operations.”

“In an ever-evolving threat landscape, defending your organization is no small task, but focusing on key areas outlined in our report, such as incident response plans, multi-factor and strong authentication, comprehensive and reliable patching and usable but effective security measures, can help to build the security posture of an organization.”

To learn more about the most important global threats and the actions management, technical staff and users can take to improve their security posture, follow the link to download the NTT Security 2018 GTIR: http://go.nttict.com/2018-Global-Threat-Intelligence-Report.html 

Summary of other key global findings:

  • Top attack source countries: United States (27%), China (19%), Netherlands (4%)
  • Ransomware increased from being 1% of global malware in the 2017 GTIR to nearly 7%
  • Ransomware incident response engagement fell from over 22% of incidents in 2016 to just over 5% in 2017
  • Business and professional services joined the list of the top five globally attacked industry sectors in third position at 10%
  • The gaming sector was the most targeted by ransomware in 2017 at 20%, followed by business and professional services at 17%, health care and manufacturing both at 12% and technology at 11%
  • Financial services (18%) and health care (15%) were the two most common sectors to seek incident response services

The 2018 Global Threat Intelligence Report (GTIR) gathers data from NTT Security monitoring, management, and incident response operations. It also includes details from NTT Security research sources including global honeypots and sandboxes in over 100 countries in environments independent from institutional infrastructures.

About NTT Security
NTT Security is the specialized security company and the center of excellence in security for NTT Group.  With embedded security we enable NTT Group companies (Dimension Data, NTT Communications and NTT DATA) to deliver resilient business solutions for clients’ digital transformation needs.  NTT Security has multiple SOCs, seven R&D centers, over 1,500 security experts and handles hundreds of thousands of security incidents annually across six continents.