The new NTT Data cyber attack report notes that the financial sector is still the most affected. The finance industry has been the most attacked sector in the world for six of the last seven years.
The financial sector accounts for 17% of all attacks. This year, the technology sector has drawn level with finance, also at 17% of attacks. Education and government are both new entries on the list of the top five most attacked industry sectors, increasing from 4% to 11% and from 5% to 9% respectively. Virtual currency mining campaigns are mainly responsible for the growing attacks in education.
This data, released by NTT Data Italia, comes from the Global Threat Intelligence Report (GTIR) 2019 of NTT Security. For GTIR 2019, NTT Security collected data from trillions of logs and billions of cyber attacks, analyzing threats based on log, event, attack, incident and vulnerability data from NTT Group companies.
In the new report, NTT Security continues its analysis of cyber attacks against 18 industry sectors and shares its observations on the challenges facing organizations around the world.
Computer attacks: illicit mining and phishing of data
The GTIR also reveals how virtual currency mining is driving the evolution of malware, and how attackers are increasingly adapting their attack modes and intrusion patterns to include mining in their tools.
Illegal mining generated considerable activity in the past year, with the technology and education sectors representing more than 86% of all detections of attacks aimed at mining activity. The most active coin miners recorded are XMRig (62%), commonly used by Rocke, 8220 Mining Group and Tor2Mine, followed by CoinHive (24%) and Coin Miner (13%).
According to the GTIR, cyber attacks aimed at credential theft and at web applications have been among the most widespread activities in the last year. The most common technique used to commit credential theft was phishing (67%), with malicious users trying to collect usernames and passwords for Microsoft (45%), Google (27%), PayPal (15%) and DocuSign (10%).
Globally, web attacks made up an average of 32% of all attacks on companies, a number that has grown slightly from 29% in 2017. The financial sector has become the most targeted, representing 46% of web attacks, which increases its exposure to this type of cyberattack.
Key findings at the global level
Finance is one of only two sectors (together with technology) to appear among the five most attacked in each geographical region (America, Asia-Pacific and EMEA, as well as globally).
Like finance, the technology sector accounts for 17% of all attacks, although both have decreased by 26% and 19% respectively since last year. Business and professional services (12%), education (11%) and government (9%) follow.
The technology sector accounted for 46% of all currency mining detections, followed by the education sector (40%), health care (9%), professional services (2%) and finance (1%).
73% of all hostile activities fall into four categories: web attacks, theft of credentials, specific service attacks and brute-force attacks. This is up from the 52% recorded the previous year.
Application-specific and web application attacks have doubled in the last year. Attacks targeting bash, Apache Struts and Samba accounted for 54% of all hostile activities.
Web attacks accounted for 32% of all hostile traffic, with an increase of 53% in hostile activities against the most affected companies in the EMEA area.
35% of all attacks originate from IP addresses within the United States and China. The remaining sources of attack vary between regions, with both EMEA and APAC experiencing a significant number of attacks from their own region.
Finance First Target
For John South of the Threat Intelligence Communication Team, Global Threat Intelligence Center of NTT Security, “finance is top priority for targeted attacks, more than enough evidence to convince the board of how cybersecurity is an irritating investment. Although existing methods and tools are still effective in providing a solid basis for reducing vulnerabilities, new attack methods are continuously developed by malicious users. Safety officers must ensure that basic controls remain a priority for safety, but they must also adopt innovative solutions if they wish to provide an adequate system and a true value.”
For Aradori Dolman, head of Security, NTT Data Italia: Let’s see the main phenomena: on the one hand, the growth of web attacks at the base of a direct and fast offensive, aimed at maximizing the gain in the very short period, aiming at the surprise effect. On the other, malware-based circumventing actions that can go unnoticed, such as cryptomining, i.e. the exploitation of computational resources for the issuance of electronic money, but that allow to evaluate the vulnerability state of the user and prepare the ground for
Although the problem is the same, the response of the organisation to be effective cannot be unique but composed of the right mix of technology and expertise, experience and sensitivity in understanding the phenomenon, all guaranteeing the sustainability of the approach.
The NTT Security GTIR 2019 report is available at this link.