Trends in the digital threat landscape support the urgent need for strong data security foundations. With the publication of the “NTT Security SERT (Security Engineering Research Team) Q3 ’16 Intelligence Report,” a few truths are emphasized: Malware represents an unyielding threat, especially to the healthcare and finance industries.
NTT Security, a security consulting and managed security services provider, publishes monthly, quarterly, and annual threat reports, highlighting the prevailing trends in the global landscape. The Q3 2016 Intelligence Report is the most current quarterly report available.
Drill into Key Report Findings
Heading into Q3 of 2016, researchers noticed the emergence of several patterns. In Q3 of 2015 and 2016, network detection activities dropped as application attacks rose. From Q2 to Q3 in 2016, the number of recorded security events decreased by 38%. Rather than suggesting a safer landscape, researchers indicate the drop may represent a shift in attacker focus.
Figure 1: Change of focus in attacks from 2016 Q2 and Q3
Source: NTT Security SERT Q3 Threat Intelligence Report
Other key findings that provide insights into data security:
- Attackers targeted the finance industry the most during Q3 ’16, followed by retail, manufacturing, technology, and healthcare. While healthcare only represented 11% of attacks in Q3, the impact of these attacks creates significant fallout.
- Within the attacks on the financial industry, 43% were web application attacks involving SQL injections.
- At 73%, the majority of malware attacks reported in the healthcare industry came from malicious email attachments.
- From Q2 to Q3 ’16, ransomware attacks in the healthcare industry rose by 17%, and 35% of those infections were Cerber variations. (Cerber is a ransomware-type malware that infiltrates systems, encrypting various file types including .jpg, .doc, .raw, .avi, etc., according to Tomas Meskauskas, writing for PCRisk.com.)
- From May to September, brute force attacks rose significantly.
With these insights, researchers understood the potential for a more active attack landscape in Q4 ’16. Rather than acquiring data to sell later, attackers sought direct-payout attacks such as ransomware. Protected health information and financial records are high-value data, and IoT only increases the number of possible backdoor vulnerabilities.
Shifts in TTP Heighten Security Risks
Changing TTPs (tactics, techniques, and procedures) within the threat landscape support the hacking trends recorded in Q3 ’16. Many security researchers have dubbed 2016 the “year of ransomware.” Gone are the days when hackers carefully guarded malware strains as personal property. Today, cybercriminals do not need malware development expertise to acquire and use ransomware. Using bitcoin to maintain anonymity, attackers easily and safely secure funding without fear of reprisal.
BEC (business email compromise) targets unsuspecting employees, who believe they are simply doing their jobs. These social engineering attacks deliver an almost immediate return on investment, which incentivizes the activity. The FBI estimated that criminals attempted to steal $3.1 billion from companies during the first half of 2016. One scam was especially successful: criminals impersonated executives to request large wire transfers.
A change in tactics likely foreshadows a widespread problem with certain types of attacks. As more criminals gain access to malicious code and manipulate honest employees, your organization should strategize how to mitigate the success of these attacks.
Address Key Attack Possibilities for Improved Security
The report trends underscore the challenges certain industries face in the near future, and especially call out issues in the financial and healthcare sectors. Criminals create new tactics at a very fast pace, and each quarter represents an opportunity for organizations to shore up defenses. Ransomware is on the rise with no indication of decelerating, and social engineering scams will persist until employees have the proper training. The patterns within the threat intelligence report are consistent with last year’s threat landscape, giving businesses an opportunity to prepare for similar attacks in the future.
To mitigate future attacks, organizations across high-risk industries can continue to invest in proven tactics and techniques to reduce the risk of security breaches:
- Explore managed hosting for improved security. Managed hosting solutions provide both operational support and increased security. Businesses that handle sensitive data, including Health Insurance Portability and Accountability Act (HIPAA)-covered entities and financial institutions, can reduce security breach risks with secure and regulatory-focused hosting solutions. Managed hosting solutions secure data at multiple levels and log all data interactions for improved security monitoring and compliance.
- Educate and train employees. Users need to know how to avoid falling victim to a social engineering scam. Establish privacy policies and security awareness programs to set standards and share knowledge on an ongoing basis. Simple security practices, such as reporting and password management, reduce the risk of security breaches.
- Protect network-connected IoT devices. As attackers focus more on generating a financial return on investment than on data acquisition, businesses need to focus on preventing system access. Data encryption, two-factor authentication, and automated alerts all play a role in robust IoT security.
Data security is cumulative, which makes every threat landscape report a valuable planning tool. Focus on threat patterns and document each incident to make informed security investments. Security solutions that enhance compliance and create clear management controls empower businesses in high-risk fields such as finance and healthcare.
Read the full “NTT Security SERT Q3 ’16 Threat Intelligence Report” and contact us if you have any questions or concerns.