NTT Security 2018 Global Threat Intelligence Report (GTIR): Ransomware up 350% and spyware ranks first in volume of malware at 26% reflecting attackers' desire for long-term presence for information.
Summary of key global findings:
- 77% of ransomware was detected in four industry sectors
- 73% of malware attacks started with phishing emails
- 53% of worldwide phishing attacks originated from EMEA
- 33% of all attempted login attacks used the same 25 passwords
- 3 most attacked industries now include Finance and Manufacturing
The report summarized data from more than 6.1 trillion logs and 150 million attacks for the report which analyses global threat trends based on log, event, attack, incident and vulnerability data from NTT Group operating companies.
Attack volume targeting the technology sector has increased by 25 percent, and it now represents 19 percent of all attacks, making it the only sector to appear in the top five most attacked sectors in every geographic region (Americas, Asia, EMEA and Japan, as well as globally).
A sector that dropped in percentage and became less of a priority with just five percent was government attacks. Finance, retail and manufacturing were among the top five attacked industry sectors in four out of the five regions analyzed.
Finance remained the number one or two spot for attacks in four out of the five regions but in Japan, the final region, it wasn't even in the top five.
WannaCry set a new standard for the speed at which ransomware spread, affecting 400,000 machines and 150 countries in the space of a day. In the entirety of the EMEA, 29 percent of malware was ransomware.
Also China was identified as the source of 67 percent of attacks against the manufacturing industry in EMEA and the number one attack source in EMEA with 21 percent of attacks from China. Though it was pointed out that source infrastructure does not necessarily mean source of attackers.
Spyware/keyloggers topped the list of detected malware globally, at 26 percent, and was a particularly notable form of attack in the finance sector, indicating the desire attackers have for long-term presence in pursuit of information gathering.
Second at 25 percent were trojan/droppers and third virus/worms at 23 percent. Although spyware/keyloggers made up a huge proportion of attacks globally, within the EMEA they only make up three percent of attacks. The top malware used against targets in EMEA is ransomware/fakeware and dialers with 29 percent of attacks being put down to these methods.
Data gathered by NTT Security shows a significant number of attacks globally and regionally originate within the same region and the same country as the victim, while the attacker typically carries out attacks from somewhere entirely different.
For example, whilst the Netherlands appears in the top five attacks sources in every region, it is more likely cyber-criminals in other locations around the world are using resources within the Netherlands to conduct those attacks. Russia, surprisingly, doesn't appear higher than 10th on any list of attack source countries, however, it is likely there are Russians using resources from other countries to do their hacking so that it is not as easily detectable or traceable back to them. Compromised systems, purchased hosting, outsourced exploit kits and botnets are making it easier for attackers to maximise local resources and obfuscate their trail.
Jon Heimerl, senior manager of the Threat Intelligence Communication Team, Global Threat intelligence Center at NTT Security, told SC Media UK: “The GTIR clearly demonstrates the uphill battle organisations face in achieving an optimal balance between operational security and compliance initiatives.
In order to be successful they cannot afford to be complacent and must recognise that having a firm grasp on what it takes to remain secure is a fundamental part of every day business operations.”
Ransomware Hostage Rescue Manual
Get the most informative and complete hostage rescue manual on Ransomware. This 20-page manual is packed with actionable info that you need to prevent infections, and what to do when you are hit with malware like this. You also get a Ransomware Attack Response Checklist and Prevention Checklist. You will learn more about:
- What is Ransomware?
- Am I Infected?
- I’m Infected, Now What?
- Protecting Yourself in the Future
Don’t be taken hostage by ransomware. Download your rescue manual now!
Or cut&paste this link in your browser: http://info.knowbe4.com/ransomware-hostage-rescue-manual-0