Finance and Government verticals top the cyber attack list

Cyberattacks on the government sector doubled in 2016, rising to 14% from 7% of all cybersecurity attacks in 2015, according to the Executive’s Guide to the NTT Security 2017 Global Threat Intelligence Report. Attacks on the finance sector also increased drastically from just 3% in 2015 to 14% of all attacks in 2016. 

The manufacturing sector came in at third place at 13%, while the retail sector, which topped the list of all cybersecurity attacks on all sectors in 2015 moved down into fourth place (11%).

As per the report, there are a number of global geo-political events which could have contributed to the government sector being a cybersecurity attack target. These include:

• the US presidential election campaign
• a new US administration with a more aggressive stance towards China and North Korea
• China adopting a more aggressive policy stance in securing its vital ‘core interests’
• the US and European Union-led economic sanctions against Russia
• Russian state-sponsored actors continuing cyber operations against Western targets
• growing negative sentiment in the Middle East against the West’s aggression towards Syria

Matthew Gyde, Dimension Data’s Group Executive – Security said, “Governments all over the world are constantly under the threat of sophisticated attacks launched by rival nation-states, terrorist groups, hacktivists, and cyber criminals. That’s because government agencies hold vast amounts of sensitive information – from personnel records, budgetary data, and sensitive communications, to intelligence findings. What’s interesting is that this year we saw numerous incidents involving insider threats."

Commenting on the financial services industry, Kiran Bhagwanani, CEO – Dimension Data India Pvt. Ltd. said, “The ongoing attacks in the financial services industry are no surprise. These organisations have large amounts of digital assets and sensitive customer data. Gaining access to them enables cybercriminals to monetise personally identifiable information and credit card data in the underground economy.

Some of the key highlights in the report are:

• 63% of all cyberattacks originated from IP addresses in the US, followed by the UK (4%), and China 3%. India with 1% was 12th in the list of nations. The US is the predominant location of cloud-hosted infrastructure globally. Threat actors often utilise public cloud to orchestrate attacks due to the low cost and stability of this infrastructure.
• The Internet of Things (IoT) and operating technology (OT) devices must be considered as both a potential source and target of attack. Of the IoT attacks detected in 2016, some 66% were attempting to discover specific devices such as a particular model of video camera, 3% were seeking a web server or other type of server, while 2% were attempting to attack a database.
• The top cybersecurity threats facing digital businesses are phishing, social engineering, and ransomware; business email compromise; IoT and distributed-denial-of-service (DDoS) attacks; and attacks targeting end-users.
• Suspicious activities with 30% share remained the most prevalent type of attack in 2016 followed by web application attack (16%), Server Specific attack (8%) and Malware (7%), Brute forcing (7%) and application specific attack (7%)
• Phishing attacks were responsible for a high 73% of malware being delivered to an organization
• Top regions attacking Asia were the US, Vietnam and Republic of Korea. Most commonly targeted business sectors for attacks in Asia were finance (46%), manufacturing (32%), and education (9%).
• Of these, two industries were targeted in 78% of all attacks – finance (46%) and manufacturing (32%)

In 2016, the report indicated a 11% year-on-year improvement in the number of organisations actively maturing their incident response preparedness.

Globally, 32% of organisations had a formal incident response plan in 2016. This is up from an average of 23% in previous years. This is an encouraging trend which indicates that businesses are realising that being prepared and having a tested response plan, coupled with actionable threat intelligence, can limit the impact of a breach, while also supporting clear business justification for that plan. 

In 2016, over 60% of incident response engagements in which we were involved were related to phishing attacks. There was an increase in malware in incident response engagements. Malware includes various types of malicious software including ransomware, bot droppers, and payloads. Incident engagements related specifically to ransomware were the most common (22%). An increase in DDoS engagements in 2016 as compared to 2015 was also observed. 

Kobieta