Reading the NTT 2017 Global Threat Intelligence Center (GTIC) Quarterly Threat Intelligence Report
1.12.2017 securityaffairs Analysis
NTT Security, a company of the tech giant NTT Group focused on cyber security, has released its 2017 Global Threat Intelligence Center (GTIC) Quarterly Threat Intelligence Report.
The research includes data collected over the last three months from global
NTT Security managed security service (MSS) platforms and a variety of open-source intelligence tools and honeypots.
The report is very interesting and full of precious information, it is organized in the following sections:
Global Threat Visibility.
China’s Cybersecurity Position is More Complicated Than You Realize.
The Face of the Insider Threat
Let’s analyze in detail each session:
Global Threat Visibility
NTT Security Global Threat Intelligence Center observed significant increase (+24% from Q2 ‘17) in the number of security events during Q3 ’17, Finance was a privileged target of threat actors, experts observed a notable increment of detection of malicious activities in Q3 ’17 (+25%).
The experts observed a worrisome increase in the number of phishing campaigns and malware infections, up more than 40 percent since Q2 ‘17.
“Attack techniques have shifted from formal reconnaissance and exploitation to an increased dependency on botnet infrastructure, phishing campaigns, malicious attachments and links.” states the report.
Interesting the data related to the attack sources, China leads the Top Ten char, followed by China, the novelty is represented by India that made a huge jump from outside the number three.
China’s Cybersecurity Position is More Complicated Than You Realize
Attacks from China moved up from the number three spot in Q2 ’17 to number two in Q3 ’17.
The presence of China doesn’t surprise any more, but it is interesting to highlight that during Q3 ’17, finance and manufacturing were the most heavily targeted industries from Chinese attackers, with 40 percent and 31 percent, respectively.
NTT Security confirms that for the past five years IP addresses in China have ranked within the top three of all source countries (consider also that IP addresses within the United States have always been the number one source of attacks).
“It is important to note that the term “Chinese sources” does not imply attribution, necessarily, to any entity associated with China. Threat actors often route through several nodes, making it difficult to determine the true source of malicious activity” continues the report.
The Face of the Insider Threat
The report highlights the danger of insider threats, 30 percent of them will put an organization at risk, in most cases organizations totally ignore the risks.
The report distinguishes “Accidental Threat Facts” such as Accidental disclosure (e.g., unsecured databases, default internet-facing username and password logins), Improper or accidental disposal of physical records (e.g.,disposal of paper without shredding.), Accidental damage (e.g., accidental misconfiguration or command which results in loss of data or connectivity) from “Malicious Insider Threat.”
According to the experts, Insider threats cost organizations more than $30 million.
“In 2016, large organizations with more than 75,000 employees spent an average of $7.8 million to address and resolve a single insider threat incident, while small organizations of between 1,000 and 5,000 employees and contractors spent an average of $2 million per incident.” states the report.
Below a summary of other key findings in the Q3 Global Threat Intelligence Center Quarterly Threat Intelligence Report include:
A notable increase in the number of security events during Q3 ’17 – up 24 percent from Q2 ’17
The finance industry had the most detections for malicious activity in Q3 ’17 – representing 25% of all cybersecurity attacks
Rounding out the top five targeted industries were: manufacturing at 21%, business services at 16%, health care at 13% and technology at 12%
Phishing campaigns and malware infections both increased by more than 40% over Q2 ’17
Attacks from China moved up from the number three spot in Q2 ’17 to number two in Q3 ’17
As an attack source, India also made a huge jump from outside the top 10 up to number three, most likely due to outside actors leveraging vulnerable and/or compromised infrastructure.
The NTT Security Q3 Threat Report can be downloaded for free at www.nttsecurity.com/en-us/gtic-2017-q3-threat-intelligence-report.