NTT Security is proud to publish the 2019 Global Threat Intelligence Report (GTIR). In this, its seventh consecutive year, the GTIR is the culmination of the analysis of data gathered from NTT Security managed security services and incident response engagements, along with our research and development teams.
Over the course of a year, NTT Security processed over 6.1 trillion logs and more than 150 million attacks through our managed security services and analyzes attack details as part of our incident response services. We observe and research attacks from nearly every country in the world. We observe attacks against clients in virtually every industry, in nearly every environment in which they operate. We observe unique attacks which are customized for specific clients and industries, and we observe highly weaponized, automated attacks which are used universally. These attacks are used not because they are particularly interesting or tricky, or because they take advantage of the newest vulnerabilities, but because they work.
Industry trends are always interesting, because they can suggest attacker goals. Attackers interested in direct financial gain may, for instance, focus on those industries which manage more financial information. As a result, as the target of 17% of all attacks, the finance sector was once again the most attacked sector, edging out the technology sector by a fraction of a percent. Finance has been the most attacked industry for six of the seven years NTT Security has been publishing the GTIR. This continues trends from previous years in which finance and technology have often been the two most attacked industries.
Attackers continued to leverage vendor trust relationships and target business and professional services organizations. The government sector became one of the most attacked sectors in 2018 due to continued long-term activity with a broad base. Coin mining campaigns contributed to education joining the list of the top five most attacked sectors for 2018.
While coin mining was often the buzz of the security world during 2018, web-application and application-specific attacks took center stage during NTT Security analysis of attacks. Spurred partially by a record high 16,555 new vulnerabilities defined during 2018, these web attacks accounted for 32% of all attacks, effectively doubling the amount of such attacks from the previous year.
Web attacks combined with reconnaissance, service-specific attacks, and brute-force attacks to account for 73% of all hostile activity over the year. This is an increase from the 63% for those same attacks in 2017.
Even though some global trends were obvious, regional differences still highlight that every region and every industry garner their own types of attention from hostile actors:
- Attacks from sources in China against all targets in EMEA dropped nearly 40%.
- A 267% increase in web attacks helped drive the transport and distribution sector’s position as the fifth most attacked sector in EMEA.
- Attacks targeting the healthcare sector in the Americas increased nearly 200%.
- Russia ranked higher (number three) against targets in the Americas than against any other region.
- Technology became the most attacked sector in APAC due to a doubling of the percentage of web attacks from the previous year.
- 21% of all hostile activity in APAC was related to brute-force attacks, compared to 12% globally.
The 2019 NTT Security Global Threat Intelligence Report discusses several security challenges which have the potential to impact the overall security of most industries. The GTIR also highlights differences in the details observed between attack sources, attack types, and affected sectors. Reviewing these details in comparison to your own industry can help you customize your controls in a manner which best meets the business and operational needs of your business.
Download the 2019 NTT Security Global Threat Intelligence Report to read about some of those details today. Go to nttsecurity.com/2019GTIR.