19 May 2020

NTT Global Threat Intelligence Report: Attack volumes up as cyber criminals innovate faster and automate attacks

Attackers using COVID-19 pandemic to launch attacks on vulnerable organizations 
Technology tops most attacked industry list for first time to topple finance United Kingdom – London – 19 May 2020 NTT Ltd., a world-leading global technology services provider, today launched its 2020 Global Threat Intelligence Report (GTIR), which reveals that despite efforts by organizations to layer up their cyber defences, attackers are continuing to innovate faster than ever before and automate their attacks. Referencing the current COVID-19 pandemic, the report highlights the challenges that businesses face as cyber criminals look to gain from the global crisis and the importance of secure-by-design and cyber-resilience. The attack data indicates that over half (55%) of all attacks in 2019 were a combination of web-application and application-specific attacks, up from 32% the year before, while 20% of attacks targeted CMS suites and more than 28% targeted technologies that support websites. For organizations that are relying more on their web presence during COVID-19, such as customer portals, retail sites, and supported web applications, they risk exposing themselves through systems and applications that cyber criminals are already targeting heavily. Matthew Gyde, President and CEO of the Security division, NTT Ltd., says: “The current global crisis has shown us that cyber criminals will always take advantage of any situation and organizations must be ready for anything. We are already seeing an increased number of ransomware attacks on healthcare organizations and we expect this to get worse before it gets better. Now more than ever, it’s critical to pay attention to the security that enables your business; making sure you are cyber-resilient and maximizing the effectiveness of secure-by-design initiatives.”

Industry focus: Technology tops most attacked list

While attack volumes increased across all industries in the past year, the technology and government sectors were the most attacked globally. Technology became the most attacked industry for the first time, accounting for 25% of all attacks (up from 17%). Over half of attacks aimed at this sector were application-specific (31%) and DoS/DDoS (25%) attacks, as well as an increase in weaponization of IoT attacks. Government was in second position, driven largely by geo-political activity accounting for 16% of threat activity, and finance was third with 15% of all activity. Business and professional services (12%) and education (9%) completed the top five.

Mark Thomas who leads NTT Ltd.’s Global Threat intelligence Center, comments: “The technology sector experienced a 70% increase in overall attack volume. Weaponization of IoT attacks also contributed to this rise and, while no single botnet dominated activity, we saw significant volumes of both Mirai and IoTroop activity. Attacks on government organizations nearly doubled, including big jumps in both reconnaissance activity and application-specific attacks, driven by threat actors taking advantage of the increase in online local and regional services delivered to citizens.”

2020 GTIR key highlights:

• Websites posing as ‘official’ source of COVID-19 information, but host exploit kits and/or malware – created at an incredible rate, sometimes exceeding 2000 new sites per day.
• Most common attack types accounted for 88% of all attacks: Application-specific (33%), web application (22%), reconnaissance (14%), DoS/DDoS (14%) and network manipulation (5%) attacks.
• Attackers are innovating: By leveraging artificial intelligence and machine learning and investing in automation. Some 21% of malware detected was in the form of a vulnerability scanner, which supports the premise that automation is a key focus point of attackers.
• Weaponization of IoT: Botnets such as Mirai, IoTroop and Echobot have advanced in automation, improving propagation capabilities. Mirai and IoTroop are also known for spreading through IoT attacks, then propagating through scanning and subsequent infection from identified hosts.
• Old vulnerabilities remain an active target: Attackers leveraged those that are several years old, but have not been patched by organizations, such as HeartBleed, which helped make OpenSSL the second most targeted software with 19% of attacks globally. A total of 258 new vulnerabilities were identified in Apache frameworks and software over the past two years, making Apache the third most targeted in 2019, accounting for over 15% of all attacks observed.
• Attacks on Content Management Systems (CMS) accounted for about 20% of all attacks: Targeting popular CMS platforms like WordPress, Joomla!, Drupal, and noneCMS, cyber criminals used them as a route into businesses to steal valuable data and launch additional attacks. Additionally, more than 28% targeted technologies (like ColdFusion and Apache Struts) support websites.

The 2020 GTIR also calls last year the ‘year of enforcement’ as the number of Governance, Risk and Compliance (GRC) initiatives continues to grow, creating a more challenging global regulatory landscape. Several acts and laws now influence how organizations handle data and privacy, including the General Data Protection Regulation (GDPR), which has set a high standard for the rest of the world, and The California Consumer Privacy Act (CCPA) which recently came into effect. The report goes on to provide several recommendations to help navigate compliance complexity, including identifying acceptable risk levels, building cyber-resilience capabilities and implementing solutions that are secure-by-design into an organization’s goals.

To learn more about how this year’s GTIR offers organizations a robust framework to address today’s cyber threat landscape, and to learn more about the emerging trends across different industries and regions, including the Americas, APAC and EMEA, follow the link to download the NTT 2020 GTIR.

-ENDS-

About NTT Ltd.

NTT Ltd. is a leading global technology services company. We partner with organizations around the world to shape and achieve outcomes through intelligent technology solutions. For us, intelligent means data driven, connected, digital and secure. As a global ICT provider, we employ more than 40,000 people in a diverse and dynamic workplace that spans 57 countries, trading in 73 countries and delivering services in over 200 countries and regions. Together we enable the connected future.

Visit us at hello.global.ntt

About the 2020 GTIR

The report provides a comprehensive view of the types of threats impacting global organizations, together with emerging trends across different industries and regions, including the Americas, APAC and EMEA. NTT summarizes data from trillions of logs and billions of attacks for the 2020 GTIR, the eighth annual report, which analyzes trends based on log, event, attack, incident and vulnerability data from NTT Group companies.

Methodology for the Global Threat Intelligence Report (GTIR)

The NTT 2020 Global Threat Intelligence Report contains global attack data gathered from NTT and supported operating companies from October 1, 2018 to September 31, 2019. The analysis is based on log, event, attack, incident and vulnerability data from clients. Leveraging the indicator, campaign and adversary analysis from our Global Threat Intelligence Platform has played a significant role in tying activities to actors and campaigns.

NTT gathers security log, alert, event and attack information from which it enriches and analyses contextualized data. This process enables real-time global threat intelligence and alerting. The size and diversity of our client base, with over 10,000 security clients on six continents, provides NTT Ltd. with security information which is representative of the threats encountered by most organizations.

The data is derived from worldwide log events identifying attacks based on types or quantities of events. The use of validated attack events, as opposed to the raw volume of log data or network traffic, more accurately represents actual attack counts. Without proper categorization of attack events, the disproportionately large volume of network reconnaissance traffic, false positives, authorized security scanning, and large floods of DDoS monitored by Security Operations Centers (SOCs), would obscure the actual incidence of attacks.

The inclusion of data from the 10 SOCs and seven research and development centers of NTT provides a highly accurate representation of the ever-evolving global threat landscape.

For more information, please contact:

NTT (Security Division)
Origin Communications
+44 (0)20 3814 2940
globalntt@origincomms.com