A notable increase in overall security event detections during the quarter, challenges in identifying and mitigating the Insider Threat, a significant jump in both phishing campaigns and malware infections, and a deeper look into possible implications of China’s new Internet Security Law round out the Q3 ’17 NTT Security GTIC Threat Intelligence Report.
The NTT Security Global Threat Intelligence Center (GTIC) released its Q3 ’17 Threat Intelligence Report today. This blog post from Danika Blessman, our Senior Threat Intelligence Analyst, presents some key findings from the report.
[Figure: Attack volume differences for attack categories across all industries between Q2 ’17 and Q3 ’17.]
For the second quarter in a row, NTT Security observed a noteworthy increase in the volume of security events – up 24% – against its clients during Q3 ’17.
In stark contrast to Q2 ’17, when malware detections dropped 41% from the fourth quarter of 2016, Q3 ’17 saw a sharp upturn in both malware and phishing campaigns. Each was up more than 40%. Organizations in the finance industry were the primary targets of these malware and phishing campaigns, as attackers sought financial gain using banking Trojans as well as Locky ransomware. Q3 ’17 was characterized by attackers continuing to leverage web application attacks, up an astounding 42% from Q2 ’17. Of these attacks, 80% targeted vulnerabilities in the Microsoft Edge browser. Q3 ’17 also saw an overall increase in attack volume, which GTIC analysts had anticipated after the substantial amount of reconnaissance activity that took place during the two previous quarters. NTT Security analysts have come to expect a jump in attack traffic during the third quarter of each year.
In addition, threat actors seeking remote code execution on their intended targets emphasized exploitation of vulnerabilities in Apache Struts during the third quarter; these attempts accounted for 49% of all vulnerability attacks during September. Apache Struts exploitation jumped into the top five attack types during Q2 ’17, and this sustained focus may be due to the increased attention on Apache Struts following the Equifax breach, along with ineffective – or non-existent – mitigation efforts by users.
Targeted in 25% of all event activity, the finance industry jumped ahead of manufacturing as the top targeted industry. Much of this activity is attributed to the aforementioned phishing campaigns and malware infections. Manufacturing remained an attractive target during Q3 ’17, following a 33% uptick in reconnaissance activity during Q2 ’17.
Business services, health care, and technology once again rounded out the top five most targeted industries this quarter.
NTT Security analysts also took a deep dive into the types of Insider Threats – a topic often overlooked across all industries. The insider threat is also often misunderstood as an overtly hostile threat, when in fact 75% of insider breaches are accidental and, in one example, cost an organization more than $30 million USD.
Lastly, NTT Security shifted its analytic focus to China’s new Internet Security Law, discussing possible implications for organizations conducting business in China, as well as threat activity coming from suspected Chinese sources. Since 2013, China has remained in the top three source countries attributed to malicious cyber activity. This trend continued into this quarter, as sources from China moved up from third during Q2 ’17 to second place in Q3 ’17. Finance (40%) and manufacturing (31%) were the industries most attacked by Chinese sources, coinciding with industries of focus outlined in China’s newest Five Year Plan.
Download the complete GTIC 2017 Q3 Threat Intelligence Report and gain invaluable insights to help protect your organization from the latest security threats.