Ransomware is up 350 percent and spyware ranks first in volume of malware at 26 percent reflecting attackers' desire for long-term presence for information gathering according to the 2018 Global Threat Intelligence Report (GTIR) from NTT Security.
The report summarised data from more than 6.1 trillion logs and 150 million attacks for the report which analyses global threat trends based on log, event, attack, incident and vulnerability data from NTT Group operating companies.
Cyber-crime is one of the fastest growing industries because it is an easy way for people with computer skills to make money, and they are easily drawn in by the amount they can make from hacking into company data and accessing personal records.
Attack volume targeting the technology sector has increased by 25 percent, and it now represents 19 percent of all attacks, making it the only sector to appear in the top five most attacked sectors in every geographic region (Americas, Asia, EMEA and Japan, as well as globally). A sector that dropped in percentage and became less of a priority with just five percent was government attacks. Finance, retail and manufacturing were among the top five attacked industry sectors in four out of the five regions analysed.
Finance remained the number one or two spot for attacks in four out of the five regions but in Japan, the final region, it wasn't even in the top five.
WannaCry set a new standard for the speed at which ransomware spread, affecting 400,000 machines and 150 countries in the space of a day. In the entirety of the EMEA, 29 percent of malware was ransomware. Also China was identified as the source of 67 percent of attacks against the manufacturing industry in EMEA and the number one attack source in EMEA with 21 percent of attacks from China. Though it was pointed out that source infrastructure does not necessarily mean source of attackers.
Spyware/keyloggers topped the list of detected malware globally, at 26 percent, and was a particularly notable form of attack in the finance sector, indicating the desire attackers have for long-term presence in pursuit of information gathering. Second at 25 percent were trojan/droppers and third virus/worms at 23 percent. Although spyware/keyloggers made up a huge proportion of attacks globally, within the EMEA they only make up three percent of attacks. The top malware used against targets in EMEA is ransomware/fakeware and dialers with 29 percent of attacks being put down to these methods.
Data gathered by NTT Security shows a significant number of attacks globally and regionally originate within the same region and the same country as the victim, while the attacker typically carries out attacks from somewhere entirely different. For example, whilst the Netherlands appears in the top five attacks sources in every region, it is more likely cyber-criminals in other locations around the world are using resources within the Netherlands to conduct those attacks. Russia, surprisingly, doesn't appear higher than 10th on any list of attack source countries, however, it is likely there are Russians using resources from other countries to do their hacking so that it is not as easily detectable or traceable back to them. Compromised systems, purchased hosting, outsourced exploit kits and botnets are making it easier for attackers to maximise local resources and obfuscate their trail.
Jon Heimerl, senior manager of the Threat Intelligence Communication Team, Global Threat intelligence Center at NTT Security, told SC Media UK: “The GTIR clearly demonstrates the uphill battle organisations face in achieving an optimal balance between operational security and compliance initiatives. In order to be successful they cannot afford to be complacent and must recognise that having a firm grasp on what it takes to remain secure is a fundamental part of every day business operations.”