NTT Security issues its quarterly Threat Intelligence Report, which underscores the need for more advanced tools to protect organisations’ data and networks from the evolving tactics, techniques and procedures (TTPs) used by cyber-attackers. A topic of considerable public attention is the ability to identify the source of cyber-attacks in order to assess their credibility and motivation.
36% drop in cybersecurity attacks
“In compiling our latest Threat Intelligence Report, NTT Security analysts observed a 35 percent decrease in the number of cybersecurity attacks during Q4 2016, which is certainly a positive trend; however, it is imperative that organisations not be lulled into a false sense of security,” said Rob Kraus, Director, Security Research and Strategy, NTT Security. “At the same time, the intensity and sophistication of these attacks are on the rise. Hackers are shifting their strategy from widespread attacks to a more focused effort to compromise specific targets they can leverage, opening the door for more malicious and potentially lucrative actions.”
Use of false flagging
The latest Threat Intelligence Report from NTT Security cites hackers' rampant use of “false flagging” to disguise the true source of an attack. For example, an attack may appear to have originated from a server in China or Russia when in fact it may have originated from a source in the U.S. or another country. This allows attackers to cleverly disguise their motivation, which may be establishing ongoing network access, stealing financial data or withdrawing funds directly from an organisation. This new Threat Intelligence Report presents timely and actionable information to help organisations better understand the evolving science of cyber forensics. It underscores the vital need to deploy advanced tools that more effectively identify where an attack originated, who is responsible and what their true motives are.
Retail industry prone to attack
Among the top targeted vertical markets for cyberattack, the Q4 report cites the retail industry as particularly attractive to hackers and prone to security breaches. This is largely because most retailers process customers’ credit and debit card information through their systems. The Threat Intelligence Report outlines numerous best practices that retail organisations can implement, such as deploying IT security tactics that are aligned with the Payment Card Industry Data Security Standard (PCI DSS), which can help increase controls around cardholder data and reduce fraud.
“Based on the findings reported in our most recent Threat Intelligence Report, it is obvious that despite progress to date, organisations must continue to mature their cybersecurity controls and processes. Comprehensive, customised MSS platforms can play a growing role in achieving this goal. From determining where potential vulnerabilities exist to preventing the attacks that leverage them, the MSS offering from NTT Security provides the proven platform, expertise and experience to help IT professionals implement the advanced cybersecurity measures necessary for today’s environment,” Kraus said.
Additional key findings of the NTT Security Q4 2016 Threat Intelligence Report include:
- Increased client botnet activity driven by attacks on Internet of Things (IoT) devices
- Remote code execution (RCE) exploits in Adobe Flash were the most common, accounting for 22 percent of all application-specific attacks
- DNS queries for domains with the new .pw TLD began to spike in November 2016, suggesting an increase in phishing and spam efforts
- An 11 percent increase in the volume of attacks against retailers, with key loggers and spyware accounting for 68 percent of all malware across all retail clients
- Nation-state attacks are on the rise, with evidence of state-sponsored actions identified in two-thirds of the 30 tracked industry verticals
- Malicious traffic from Russian Federation hosts jumped from 10th place to the top 3
- The average length of time cyberattacks go undetected is 146 days, while some state-sponsored Advanced Persistent Threat activities can go undetected for years