New Research: The 2016 Global Threat Intelligence Report Is Out
April 19, 2016 • Amanda McKeon
Register now for the webinar on Thursday, April 21 to hear Recorded Future’s Scott Donnelly and Rob Kraus from Solutionary explain the report findings.
The NTT Group security companies — Solutionary, Dimension Data, and NTT Com Security — are releasing their annual Global Threat Intelligence Report (GTIR) today, which analyzes the attacks, threats, and trends from 2015. Recorded Future is proud to have been a research contributor to this 2016 report.
The threat intelligence report reveals:
- Top attacked industries, starting with retail.
- Most popular attack vectors, with exploitations and malware at the top.
- Flash vulnerabilities being most commonly targeted.
- How the cyber kill chain can be applied to more effectively defend against such attacks.
In addition to contributions from Recorded Future, the report pulls information from 24 security operations centers, 7 R&D centers, 3.5 trillion logs, 6.2 billion attacks, and nearly 8,000 security clients globally.
Let’s take a closer look at some of the report’s key findings.
Geographic and Vertical Market Trends
The retail sector experienced the most attacks per client of any industry sector. Retail was followed by the hospitality, leisure and entertainment sector, then insurance, government and manufacturing.
U.S.-based IP addresses accounted for 65 percent of attacks detected in 2015. The U.S. remains the largest source of hostile IP addresses observed by NTT Group in 2015, up from 49 percent in 2013 and 56 percent in 2014. A U.S.-based attack doesn’t mean that the attacker is actually U.S. based – non-U.S. attackers often use the U.S. infrastructure to evade geographic IP blocking.
Three sources accounted for 38 percent of all non-U.S. based attacks. Attacks from the United Kingdom, Turkey, and China made up 38 percent of the non-U.S. based attacks. Attacks from 199 other countries combined to make up the remaining 62 percent.
Vulnerabilities, Attacks, and Exploitation
The top 10 internal vulnerabilities accounted for over 78 percent of all internal vulnerabilities during 2015. All 10 internal vulnerabilities are directly related to outdated patch levels on the target systems.
Brute force attacks jumped 135 percent from 2014 levels. Throughout the year, NTT Group detected SSH brute-force attacks across its entire client base, from 75 different source countries.
DoS/DDoS attack volume fell 39 percent over levels observed in 2014. Implementation of better mitigation tools, along with fewer attacks, combined for a drop in detections of denial of service (DoS) and distributed denial of service (DDoS) activities. But, extortion based on payments by victims to avoid or stop DDoS attacks became more prevalent.
Incident Response and Case Studies
Trend data from incident response activities supported over the last three years illustrates on average only 23 percent of organizations are capable of responding effectively to a cyber incident. 77 percent have no capability to respond to critical incidents and often purchase incident response support services after an incident has occurred.
Spear phishing attacks accounted for approximately 17 percent of incident response activities supported in 2015. Spear phishing rose dramatically from less than two percent of incident response engagements in 2014.
Malware and DDoS related attacks required less incident response support compared to previous years. Malware-specific response activities were down approximately 33 percent and DDoS was down 12 percent. We observe DDoS activity is down overall, not only in incident response, but also based on observations derived from log and event monitoring.
If you’d like more information, tune in this Thursday, April 21 to hear Rob Kraus from Solutionary and Recorded Future’s Scott Donnelly cover high-level takeaways from the report and drill-down deeper into industry and vulnerability analysis. Register for the webinar.
You can also access the entire 2016 Global Threat Intelligence Report (GTIR) here.