Shrinking variety of attacks, inside  Business Email Compromises, update on ransomware, perspective on China’s  new Five Year Plan, and highlights from PCI DSS 3.2.

The NTT Security released its Q2 2016 Threat Intelligence Report today.

NTT Security observed a flattening of attack types during Q2 ’16. In recent quarters, web applications made up as much as 42 percent of observed attacks. In Q2 ’16, web application attacks made up 24 percent of such attacks. The top three attack types – web-application attacks, malware and application specific attacks, accounted for roughly 62 percent of all attacks.

Figure 1. Attacks by Type

While retaining the “most attacked” spot, the percentage of attacks dedicated to retail fell somewhat from levels observed in earlier reports – as healthcare, education and finance attacks all rose. This combination of events suggests perhaps that the attacks may have been more about the technology and exploits being used than about targeting specific industries. For instance, attacks focusing on ActiveX and Adobe products accounted for nearly 48 percent of all attacks against the top five industries.

While attacks against technology were common, one of the greatest threats to businesses right now is not based on technology. The FBI identified a 1,300 percent increase in losses due to Business Email Compromise (BEC) (aka “CEO Fraud”) in the past 18 months. At first glance, BEC attacks appear relatively simple, but they require preparation, along with a well-defined infrastructure to successfully move stolen funds. For the Q2 ’16 report, NTT Security took a detailed look at a specific BEC email, and broke down the attack process. This helped researchers define a set of recommendations to help organizations protect themselves from BEC attacks.

Another significant threat during Q2 ’16 includes both technical and non-technical components. “Ransomware” was the single biggest incident response engagement for the quarter for NTT Security. As time progressed, the ransomware of choice became evident, with CryptoWall being responsible for 94 percent of all detected ransomware. During Q2 ’16, 98 percent of all ransomware detections occurred in three industries – healthcare, education and finance – with healthcare targeted by 88 percent of all detected ransomware. By reviewing recent incidents and speculating on future ransomware evolutions, researchers defined a set of recommendations that can help organizations reduce their exposure to ransomware attacks. Researchers also included a list of 24 ransomware decryption tools.

Figure 2. Industries Affected by Ransomware

Additionally, analysis of the last Chinese Five Year Plan shows strong correlation between China’s defined goals and cyberattacks which have been attributed to Chinese government-affiliated resources. NTT Security analysts take a look at China’s newest plan to identify potential target areas.

With the goal of further improving security within the targeted environments, the PCI Security Standards Council has released version 3.2 of the PCI Data Security Standard. The updated standard may have significant impact on some environments, including the fact that assessments beginning after October 1, 2016 will be assessed against version 3.2.

Ultimately, observed changes in attacks and attack types have been more evolutionary than revolutionary, but have shifted somewhat from “stealing information to sell” to “stealing money” (via monetizing BEC and ransomware). While NTT Security analysts expect this to be a long term trend, it does not mean attackers are abandoning dedicated campaigns and targeted attacks.

Download and read the complete Q2 2016 Threat Report to use the information to help protect your organization from the latest security threats now, and in the future.

References:

http://www.solutionary.com/threat-intelligence/threat-reports/quarterly-threat-reports/sert-threat-report-q2-2016/