Study: 3 in 4 Ransomware Attacks Occur in 4 Different Sectors

NTT Security's malware report includes insights on ransomware, phishing and distributed denial of service (DDoS) malware attacks.
Published: May 8, 2017

The following article originally ran in Campus Safety sister publication, Security Sales & Integration.

NTT Security, a provider of cyber resiliency services, revealed in a new global threat intelligence report that 77% of all detected ransomware from Oct. 1, 2015, to Sept. 31, 2016, occurred in four main sectors: business and professional services (28%), government (19%), healthcare (15%) and retail (15%).

The 2017 Global Threat Intelligence Report (GTIR) analyzes global threat trends based on log, event, attack, incident and vulnerability data.

Analyzing content from NTT Group operating companies, including NTT Security, Dimension Data, NTT Communications and NTT Data, and data from the Global Threat Intelligence Center (formerly known as SERT), the report highlights the latest ransomware, phishing and distributed denial of service (DDoS) attack trends and demonstrates the impact of today’s threats against global organizations.


While technical attacks on the newest vulnerabilities tend to dominate the media, many attacks rely on less technical means.

According to the GTIR, phishing attacks were responsible for nearly three-quarters (73%) of all malware delivered to organizations, with government (65%) and business & professional services (25%) as the industry sectors most likely to be attacked at a global level.

When it comes to attacks by country, the United States (41%), Netherlands (38%) and France (5%) were the top three sources of phishing attacks.

According to the report, in 2016 just 25 passwords accounted for nearly 33% of all authentication attempts against NTT Security honeypots, which are computer security mechanisms set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems.

More than 76% of logon attempts included a password known to be implemented in the Mirai botnet, a botnet composed of Internet of Things (IoT) devices that was used to conduct what were, at the time, the largest ever DDoS attacks.


DDoS attacks represented less than 6% of attacks globally, but accounted for over 16% of all attacks from Asia and 23% of all attacks from Australia.

Finance was the most commonly attacked industry globally, subject to 14% of all attacks. The finance sector was the only sector to appear in the top three across all of the geographic regions analyzed, while manufacturing appeared in the top three in five of the six regions. Finance (14%), government (14%) and manufacturing (13%) were the top three most commonly attacked industry sectors.

Summary of Cyberattack Findings:

  • Top attack source countries: U.S. (63%), United Kingdom (4%), China (3%)
  • 32% of organizations had a formal incident response plan, up from an average of 23% in previous years
  • 59% of all incident response engagements were in the top four industries: healthcare (17%), finance (16%), business and professional services (14%) and retail (12%)
  • Over 60% of incident response engagements were related to phishing attacks
  • Incident engagements related to ransomware were the most common incidents (22%)
  • 56% of all incidents in finance organizations were related to malware
  • 50% of all incidents in healthcare organizations were related to ransomware incidents

With visibility into 40% of the world’s Internet traffic, NTT Security summarizes data from over 3.5 trillion logs and 6.2 billion attacks for the 2017 GTIR, according to the company. Analysis is based on log, event, attack, incident and vulnerability data. It also includes details from NTT Security research sources, including global honeypots and sandboxes in over 100 different countries in environments independent from institutional infrastructures.

The full 2017 GTIR report can be downloaded here.
