A notable increase in event detections, challenges in securing manufacturing’s Industry 4.0 and smart factories, a jump in malicious activity from sources in France and the Netherlands, and a deeper look into Apache Struts activity round out the GTIC 2017 Q2 Threat Intelligence Report.
NTT Security observed a 24 percent increase in malicious activity against its clients during Q2 ’17, while malware detections dropped 41 percent from the previous quarter. Q2 ’17 was also characterized by a wider blend of attack methods compared to Q4 ’16, including an uptick in reconnaissance activity, possibly indicating preparation for attacks during the upcoming 3rd and 4th quarters. This would continue a trend NTT Security has observed for several years.
Attacks observed in Q2 ’17 included a variety of web application attacks, attacks allowing for remote code execution, and phishing-based attacks. In fact, 67 percent of all malware distribution during the quarter occurred via email.
Within these phishing campaigns, however, cybercriminals appeared to have a narrower focus, as their preferred vector was leveraging PowerShell commands in VBA macros within malicious attachments.
In addition, threat actors continue to exploit tried-and-true vulnerabilities, like those in MS SQL and Adobe Flash Player, as many organizations remain behind in patching network assets. Attacks against known vulnerabilities will continue as long as systems remain unprotected.
Targeted in 34 percent of all event activity, manufacturing was the most attacked industry during the quarter. This industry faces challenges balancing security efforts with an essential drive for efficiency and automation, designed to make operations more effective and manageable. Manufacturing placed in the top three targeted industries across five of the six geographic regions throughout 2016, and remains an attractive target in 2017. When considering all activity against manufacturing clients, 33 percent was reconnaissance-based, likely indicating preparation for more targeted attacks during the 3rd and 4th quarters of 2017.
Finance, health care, business services and technology rounded out the top five most targeted industries during the quarter.
NTT Security researchers collaborated with NTT-CERT, as both organizations tracked the Struts announcement and attacks on a global scale. This effort showed that Apache Struts attacks became a “top five” attack type within about a week of being initially detected; 76 percent of detected activity originated from apparent Chinese sources.
Struts, along with unpatched vulnerabilities like those associated with WannaCry and Petya, will continue to be targets.
Download the complete GTIC 2017 Q2 Threat Intelligence Report to help protect your organization from the latest security threats.