2015 Global Threat Intelligence Report - Dimension Data

2 downloads 289 Views 400KB Size Report
Adobe Acrobat. Internet Explorer. Adobe Flash. Firefox. Windows. Silverlight. Others. Increased focus on Adobe Flash sin
2015 Global Threat Intelligence Report An analysis of global security trends

• over 6 billion attacks • trillions of logs • over 18,000 clients

Data gathered from NTT security companies and NTT’s live Global Threat Intelligence Platform

Attack analysis Attack sources Rest 9% Canada 0.9%

56% of attacks originate from IP addresses within the US but attackers could be anywhere in the world

Denmark 1.1%

Netherlands 2% UK 3% France 2%

US 56%

Russia 2%

Germany 2% Ukraine 1.3%

China 9% India 1.5%

Australia 9%

Attacks by sector 18%

• Finance sector still #1 target with 18% of all detected attacks

16% 14%

• Attacks on business & professional services up from 9% to 15% - easier, but high-value targets for attackers

12% 10%

8%

6% 4% 2%

Other

Non-profit

Hospitality, leisure & entertainment

Media

Gaming

Transport & distribution

Insurance

Pharmaceuticals

Government

Education

Technology

Healthcare

Manufacturing

Retail

Business & professional

Finance

0%

Malware attacks by sector Healthcare 24%

Business & professional services 15%

Manufacturing 6%

Government 8%

Retail 3%

Finance 4%

Other 5%

Education 35%

35% of all detected malware events hit education sector

Attacks by type Other 5% Known Bad Source 3%

Anomalous Activity 20%

Evasion Attempts 3% DoS / DDoS 5% Application Specific Attack 7%

Network Manipulation 18%

Reconaissance 10% Web Application Attack 15% Service Specific Attack 14%

• Reconnaissance activity from 4% to 10% • Crafted attacks on targeted victims more common

The user is the perimeter

Attacks have shifted from application to user

7/10

7 / 10 vulnerabilities relate to end-user systems

End-user systems often have unpatched vulnerabilities

• 76% of vulnerabilities + 2 years old • 9% of those +10 years old

Users connected to public network using personal, and often more vulnerable devices

End-user exploits spike after weekends / holidays when users reconnect

Cybercrime is

$$$ Software exploit kits sold in hacking forums hackers take advantage of unpatched flaws install malicious software on vulnerable devices

Vulnerabilities targeted in exploit kits 110

2013

2014

100

Java

90 80

Adobe Acrobat

70

Internet Explorer

60

Adobe Flash

50

Firefox

40

Windows

30 20

Silverlight

10

Others

0

Increased focus on Adobe Flash since security on Java and Internet Explorer improved in 2014.

Changing profile of cybercriminals Organised crime groups with considerable resources and expertise

Attacks motivated by: • profit • botnet infrastructure • extortion • fame/notoriety • hacktivism

Incident response & threat intelligence

• Incident response capabilities maturing at a slow pace. • 74% of organisations have no formal incident response plan.

Average incident response time Organisations with no vulnerability management programme take nearly 200 days to patch vulnerabilities with CVSS score of 4.0 or more

The threat intelligence cycle Our approach to successful threat intelligence helps numerous enterprises stay protected

Threat intelligence defined

1.Consumer needs, planning, requirements & direction

5. Dissemination of product to consumer

4. Intelligence analysis & production

2. Raw information collected based on requirements

3. Information processed & exploited

dimensiondata.com/globalthreatreport

#GlobalThreatReport