A global data analysis of hostile activity
Solutionary’s latest Global Threat Intelligence Report contains information from 24 security operations centers, seven R&D centers, 3.5 trillion logs, 6.2 billion attacks and nearly 8,000 security clients across six continents.
The report identifies controls (based on the Center for Internet Security’s Critical Security Controls) that can be effective at each stage of the Lockheed Martin Cyber Kill Chain. Organizations that have implemented controls at each stage of the Kill Chain have an increased ability to disrupt attacks.
Hostile activity and case studies
Trend data from incident response activities shows that, on average, only 23 percent of organizations are capable of responding effectively to a cyber incident. The remaining 77 percent have no capability to respond to critical incidents and often purchase support services only after an incident has occurred.
Activity related to the Reconnaissance phase of the Lockheed Martin Cyber Kill Chain (CKC) accounted for nearly 89 percent of all log volume. These logs accounted for approximately 35 percent of escalated attack activity, making Reconnaissance the largest single element in the CKC.
Spear phishing attacks accounted for approximately 17 percent of incident response activities supported in 2015. In many cases, the attacks targeted executives and finance personnel with the intent of tricking them into paying fraudulent invoices.
Geographic and vertical market trends
The retail sector experienced the most attacks per client. Retail was followed by the hospitality, leisure and entertainment sector, then insurance, government and manufacturing. While the finance sector showed the highest volume of attacks overall, on a per-client basis, retail clients experienced 2.7 times the number of attacks as finance.
NTT Group observed an 18 percent rise in detected malware in every industry except education. NTT clients in the education sector tended to focus less on their more volatile student and guest networks, but malware increased in almost every other sector.
Vulnerabilities, attacks and exploitation
Nearly 21 percent of vulnerabilities detected in client networks were more than three years old. Results included vulnerabilities dating back to 1999, making them more than 16 years old. These figures cover vulnerabilities with a CVSS score of 4.0 or higher.
DoS/DDoS attack volume fell 39 percent from levels observed in 2014. Better mitigation tools, combined with fewer attacks, produced the drop in detections of DoS and DDoS activity. However, extortion in which the victim pays to avoid or stop a DDoS attack became more prevalent.
All of the top 10 vulnerabilities targeted by exploit kits during 2015 are related to Adobe Flash. In 2013, the top 10 vulnerabilities targeted by exploit kits included one Flash and eight Java vulnerabilities. That has changed as new Java vulnerabilities have dropped steadily since 2013. The number of publicized Flash vulnerabilities jumped by almost 312 percent over 2014 levels.