Rarely a day goes by that a major cyber-attack against a business, hospital, school, or government agency doesn’t make global headlines. Dealing with data breaches, ransomware infections, distributed denial of service (DDoS) attacks, and a multitude of other cyber threats has become a part of doing business for most organizations.
Despite the grim outlook, there’s also a great deal of research being done on various cyber crime trends to help keep cybersecurity professionals well-informed on the threat landscape. NTT Security’s recently published “2017 Global Threat Intelligence Report” provides a wealth of data points on the aforementioned cyber threats and how hackers continue to vary their tactics. Some of the highlights of the report’s findings include:
- Phishing attacks were responsible for as much as 73 percent of malware being delivered to organizations.
- 77 percent of all detected ransomware was in four industries – business and professional services (28 percent), government (19 percent), healthcare (15 percent), and retail (15 percent).
- 25 passwords accounted for nearly 33 percent of all authentication attempts against NTT Security Honeypots, which are systems built as lures to attract attackers and gather information on their methods.
- Globally, DDoS attacks accounted for less than 6 percent of all attacks; however, they accounted for over 16 percent of all attacks from Asia and 23 percent of all attacks from Australia.
The report also analyzed trends by specific geographic regions. Within the Americas, for example, after the United States (54 percent), China (17 percent) was responsible for more attacks against the company’s clients in the region than any other source country. The three industries most frequently targeted in the Americas were manufacturing (23 percent), education (20 percent), and finance (15 percent).
Rob Kraus, director of security research and strategy for NTT Security, says that while many of the attack trends highlighted in this year’s report are similar to what they have found in past iterations, what has changed is the frequency with which they are employed.
“As you can imagine, say four or five years ago, phishing and SQL injection were the hot topics with some of the tools reaching their maturity lifecycle. And then three or four years ago we started moving deeper into ransomware,” Kraus says.
The Rise of Business Email Compromise
Kraus says they have really seen a sharp uptick recently in business email compromise (BEC) schemes, which essentially involve a bad actor setting up a phishing server and then sending out targeted and well-crafted emails – usually spoofed to look as if they came from a C-level executive – to those who work in accounting or finance roles within various organizations, to trick the recipients into sending the attacker money or sensitive data. According to the report, BEC attacks were the second most common form of phishing attacks that NTT Security incident response engagement teams encountered in 2016, just behind ransomware.
In some cases, Kraus says the attackers were able to get away with only a few thousand dollars, but in others they’ve responded to, the amount was in excess of $100,000. In fact, the report found that the average BEC incident involves a loss of about $67,000, compared to the average cost of a ransomware incident, which is only $700.
And while the importance of having employees across the board take part in security awareness training is always emphasized, Kraus says a lack of training is not always to blame when it comes to these types of scams, but rather a lack of good old-fashioned checks and balances.
“For years, we’ve been talking about the human as being the weak link and so on and so forth. It’s not just the end-user being the victim and the human being the weakest link, but the other part of the equation most organizations are missing is that if you have processes and procedures in place to validate these requests – even if someone falls victim to it – they can thwart the attack altogether.”
Ransomware Awareness Increases
Despite some of the widely publicized incidents involving ransomware infections in recent months, Kraus believes organizations are starting to do a better job of responding to these types of attacks. Prior to the recent surge in BEC attacks, for example, Kraus says NTT Security’s teams spent much of their time helping customers get out of ransomware situations, but that has started to change more recently.
“I think over time the security industry in general has done a little bit better job of saying, ‘hey, listen, you’ve got some choices when it comes to ransomware.’ You can either pay the bitcoin and get your data back – then you’re known as somebody who pays and you might get attacked again – or you don’t pay and hopefully you can recover from backups,” Kraus adds. “That being said, I certainly don’t believe that ransomware is dead but the attackers are going to be in the cycle now of how do they take another approach to this because it was fairly successful.”
Trends to Watch
Moving into the rest of 2017 and beyond, Kraus believes that hackers are going to begin targeting Internet of Things (IoT) devices even more than they do today, as developers have only begun to scratch the surface of what’s possible with the technology and the number of devices being brought online increases daily. Not only will the IoT give attackers a broader base from which to work, according to Kraus, but it can also be weaponized to carry out botnet assaults, as was the case in last year’s DDoS attacks against Krebs on Security and Dyn.
“On the horizon, I think we’re just on the cusp of getting deeper into things like drone cars and home automation-types of things. When you start looking at automobile hacking, just on the market now there are a lot more books available specifically about that craft, and so I anticipate a lot of folks will start to pick up on that a little bit more,” he says. “With home automation and things like doorbells that have cameras built-in, can the bad guys use that technology to tell if someone is home? If I want to break into a house, can I tell it that someone is at home by hacking into the system?”
Joel Griffin is the Editor of SecurityInfoWatch.com and a veteran security journalist.