NTT Innovation Institute (NTT i3) is pleased to announce the release of the 2015 NTT Global Threat Intelligence Report (GTIR). Once again, NTT i3 worked together with the NTT Group security companies to analyze the attacks, threats and trends from the previous year. Based on the analysis, NTT i3 has created an online digital Global Threat Intelligence Report (viewable at NTTGroupsecurity.com) that lets users grasp the threat landscape in an interactive manner. The resulting report combines an analysis of over six billion attacks observed in 2014 with an interactive data review and ongoing daily global threat visualization.
The report focuses on the changing threat landscape and the quantifiable shifts over the last year that alter corporate risk and require a reevaluation of risk posture, which in turn requires organizational security transformation. Using this awareness, business and security leaders will be able to focus their enterprises' security goals and security investment on the threats that are most impacting their organizations. The report delves into detailed analysis of the changing infiltration tactics, the commoditization of malicious capabilities, the spread of the threat, and how the business of cybercrime is responding to successful defensive strategies with rapidly adapting tactics. Some of the key findings of the report include:
- During 2014, 76% of identified vulnerabilities throughout all systems in the enterprise were more than 2 years old, and almost 9% of them were over 10 years old.
When vulnerabilities with a medium-risk Common Vulnerability Scoring System (CVSS) score of 4.0 or higher are considered, this highlights that even widespread scares such as Heartbleed and Shellshock have little long-term effect on corporate risk management processes, and that companies are still not effective at shedding their legacy vulnerabilities.
- Across the world, an astounding 56% of attacks against the NTT global client base originated from IP addresses within the United States.
However, this is not due to the attackers being within the United States, but rather represents threat actors leveraging cheap cloud or vulnerable infrastructure within the US as an intermediary. This benefited the attackers by often placing them closer to their targets and in a more trusted geolocation.
- Of the vulnerabilities discovered across enterprises worldwide, 17 of the top 20 exposed vulnerabilities resided within user systems and not on servers.
This risk represents a return to some of the roots of information security. The users and their wide range of mobile laptops once again represent a risk that has been only lightly addressed by many organizations.
- Threats against the end user are higher than ever; attacks show a clear and continuing shift towards success in compromising the endpoint.
During every week of 2014, there was a measurable drop in detected attacks on weekends and holidays, when workers were not in the office and end-user systems were either turned off or not being used. This major drop in weekend attacks demonstrates that organizational controls are detecting security events related to end users.
- Distributed Denial of Service (DDoS) attacks changed in nature, with a massive shift towards amplification attacks using User Datagram Protocol (UDP) based protocols; these accounted for 63% of all DDoS attacks observed by NTT Group.
Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP) and Domain Name System (DNS) were used in the vast majority of all DDoS attacks. Many of these attacks come from subverting exposed services in consumer-based services (such as home Internet routers) to create DDoS traffic.
- Attacks against Business & Professional Services increased from 9% to 15%.
The attacks increased by more than 50% year on year and are the result of the risks inherited through business-to-business relationships. The likely implication is that organizations in this sector are generally softer, but high-value, targets for attackers.
This year’s report speaks to these issues and many others that occurred over 2014. It also focuses on how organizations can address the security challenges they represent through detailed analysis, remediation strategies, interactive infographics and case studies applicable to small, medium and large enterprises around the globe. The report was developed using NTT’s Global Threat Intelligence attack data from the NTT Group companies — including Solutionary, NTT Com Security, Dimension Data, NTT DATA, NTT R&D and NTT Innovation Institute, Inc. The key findings in the 2015 Global Threat Intelligence Report are a result of the analysis of approximately six billion worldwide verified attacks over the course of 2014. The data for this report were collected from sixteen Security Operations Centers (SOCs) and seven R&D centers, and supported by the thousands of NTT security specialists, professionals and researchers from around the world.