NTT Security released its Q4 2015 Quarterly Threat Report today.
As the source of 63 percent of all detected attacks and 79 percent of all detected malware, the United States is once again the most hostile source of cyberattacks. As we’ve seen in the past, this does not mean the attackers are within the U.S., but rather that they are using U.S. infrastructure as their launching pads. A 77 percent drop in reconnaissance activity from Q3 ’15 to Q4 ’15 indicates reconnaissance activity has plummeted nearly 88 percent from levels seen in Q2 ’15.
Malware detection and trends continue to vary widely from quarter to quarter, but one interesting observation is that the top five sources of malware accounted for 79 percent of all malware detected during Q4 ’15. While detected malware rose only slightly through Q4 ’15, it is worth noting that the top five producers (United States, China, France, Italy and the United Kingdom) combined to produce 25 percent more malware than they had during Q3 ’15. Not only that, but we observed a 236 percent increase in viruses and worms during Q4 ’15. This type of malware often indicates that an organization may have been otherwise compromised and infected with a virus or worm, which enables the attacker to retain a persistent presence and potentially expand the compromise laterally within the targeted environment.
Throughout Q4 ’15, some attacks, most notably Web application and application-specific attacks, actually increased. These include attempts to exploit a new Joomla! vulnerability, which accounted for the single highest volume of application attacks from the time researchers announced the vulnerability through the remainder of the year. Researchers analyzed these new attacks and profiled a campaign from a Kurdish hacker who was using the Joomla! exploit in his attacks.
Meanwhile, Shellshock issues continue, accounting for over 77 percent of all application-specific attacks during Q4 ’15. Our researchers analyzed the characteristics of BASHLITE attacks to better show how effective an application-specific attack like this can be.
As interesting as the past can be, researchers are also concerned about what certainly appears to be an increase in threats against the Android platform. With more vulnerabilities being defined for Android during 2015 than the previous six years combined and new Android malware being produced faster than ever before, it certainly looks like Android’s time may have finally come. To make this worse, so far, 2016 has generated Android vulnerabilities even faster than 2015.
Much of the data we gathered for Q4 ’15 remained similar to observations from previous quarters. Attacks generally progressed rapidly through a kill chain process – from target identification through reconnaissance, attack and infection. While this tends to be a consistent story, we detected significant quarter-to-quarter variations in reconnaissance, attacks and viruses. While this is not a new attack model, it is interesting to see such large shifts in what we have observed throughout 2015. We also provide recommendations which can help mitigate the effects of the threats discussed in this quarter’s report.
Download and read the complete Q4 2015 Threat Report, and use the information to help protect your organization from the latest security threats, both now and in the future.