Gaming sites were the most targeted by ransom-seeking hackers in 2017
Independent online security company NTT Security has issued its 2018 Global Threat Intelligence Report, observing that last year the gaming sector was the most targeted by ransomware at 20 percent, followed by business and professional services at 17 percent, health care and manufacturing both at 12 percent and technology at 11 percent.
Financial services (18 percent) and health care (15 percent) were the two most common sectors to seek incident response services. In general, the Finance sector was the most attacked at 26 percent.
The NTT Security report shows that ransomware detection increased by an impressive 350 percent, to account for 7 percent of global malware in 2017.
NTT Security summarizes data from over 6.1 trillion logs and 150 million attacks for the 2018 GTIR, which analyses global threat trends based on log, event, attack, incident and vulnerability data from NTT Group operating companies and highlights the latest ransomware, phishing and DDoS attack trends faced by global organisations.
The report shows attack volume targeting the technology sector increased 25 percent, driving the sector up sharply to 19 percent of all attacks, making it the only sector to appear in the top five most attacked sectors in every geographic region (Americas, APAC, EMEA and Japan, as well as globally).
Change dominated the global cybersecurity landscape with shifts observed between attack targets, source and destination attack profiles and the types of technologies attacked.
The rise in ransomware detection illustrated the exploits developed by attackers for high profile vulnerabilities, as the likes of WannaCry set a new standard for the speed in which it spread, affecting 400,000 machines and 150 countries within the space of a day.
The surface for attacks continued to expand rapidly, fueled by cloud and mobility, which has seen identity become the new perimeter further exacerbating the need for multi-factor authentication adoption.
Globally, spyware/keyloggers topped the list of detected malware at 26 percent and was a particularly notable mode of attack in the finance sector, indicating the desire attackers have for long-term presence in pursuit of information gathering. Second at 25 percent were trojan/droppers and virus/worms third at 23 percent.
One constant is the trend which shows cybercriminals using regional sources to attack and assigning attribution for a specific attack remains one of the biggest challenges. Data gathered by NTT Security shows globally and regionally, a significant number of attacks originate within the same region and often the same country as the victim, while the attacker typically carries out attacks from somewhere entirely different.
For example, while the Netherlands appears in the top six attack sources in every region, it is more likely cybercriminals in other locations around the world are using resources within the Netherlands to conduct those attacks.
Jon Heimerl, senior manager of the NTT Threat Intelligence Communication Team, says: “The GTIR clearly demonstrates the uphill battle organisations face in achieving an optimal balance between operational security and compliance initiatives.
“In order to be successful they cannot afford to be complacent and must recognize that having a firm grasp on what it takes to remain secure is a fundamental part of everyday business operations.”
Summary of other key global findings:
- Top attack source countries: United States (27 percent), China (19 percent), Netherlands (4 percent);
- Ransomware increased from being 1 percent of global malware in the 2017 GTIR to nearly 7 percent;
- Business and professional services joined the list of the top five globally attacked industry sectors;
- Locky trojan and WannaCry worm accounted for 45 percent and 30 percent, respectively, of ransomeware attacks last year;
- The gaming sector was the most targeted by ransomware in 2017 at 20 percent, followed by business and professional services at 17 percent, health care and manufacturing both at 12 percent and technology at 11 percent;
- Europe, Middle East and Africa (EMEA) region accounted for 36 percent of ransomeware attacks in 2017;