NTT Security issued its quarterly Threat Intelligence Report, which underscores the need for more advanced tools to protect organizations’ data and networks from the evolving tactics, techniques and procedures used by cyberattackers. A topic of considerable public attention is the ability to determine the source of cyberattacks to determine their credibility and motivation.

“In compiling our latest Threat Intelligence Report, NTT Security analysts observed a 35 percent decrease in the number of cybersecurity attacks during Q4 2016, which is certainly a positive trend; however, it is imperative that organizations not be lulled into a false sense of security,” said Rob Kraus, director, security research and strategy, NTT Security. “At the same time, the intensity and sophistication of these attacks are on the rise. Hackers are shifting their strategy from widespread attacks to a more focused effort to compromise specific targets they can leverage, opening the door for more malicious and potentially lucrative actions.”

The report cites hackers' rampant use of “false flagging” to disguise the true source of an attack. For example, an attack may appear to have originated from a server in China or Russia when in fact the source may have actually originated from a source in the U.S. or in another country. This allows attackers to disguise their motivation, which may be establishing ongoing network access, stealing financial data or withdrawing funds directly from an organization. The report presents actionable information to help organizations better understand the evolving science of cyberforensics. This underscores the vital need to deploy advanced tools that more effectively identify where an attack originated, who is responsible and what the attackers’ true motives are, the company reported in a press release. 

Among the top targeted vertical markets for cyberattack, the Q4 report cites the retail industry as particularly attractive to hackers and security breaches. This is largely due to the fact that most retailers process customers’ credit and debit card information through their systems. The Threat Intelligence Report outlines numerous best practices that retail organizations can implement, such as deploying IT security tactics that are aligned with the Payment Card Industry Data Security Standard, which can help increase controls around cardholder data and reduce fraud.

“Based on the findings reported in our most recent Threat Intelligence Report, it is obvious that despite progress to date, organizations must continue to mature their cybersecurity controls and processes. Comprehensive, customized MSS platforms can play a growing role in achieving this goal. From determining where potential vulnerabilities exist to preventing the attacks that leverage them, the MSS offering from NTT Security provides the proven platform, expertise and experience to help IT professionals implement the advanced cybersecurity measures necessary for today’s environment,” Kraus said.

Additional findings of the NTT Security Q4 2016 Threat Intelligence Report include:

• Increased client botnet activity driven by attacks on Internet of Things (IoT) devices;
• remote code execution exploits in Adobe Flash were the most common, accounting for 22 percent of all application-specific attacks;
• DNS queries for domains with the new .pw TLD began to spike in November 2016, suggesting an increase in phishing and spam efforts;
• an 11 percent increase in the volume of attacks against retailers, with key loggers and spyware accounting for 68 percent of all malware across all retail clients;
• nation-state attacks are on the rise, with evidence of state-sponsored actions identified in two-thirds of the 30 tracked industry verticals;
• malicious traffic from Russian Federation hosts jumped from 10th place to the top 3; and
• the average length of time cyberattacks go undetected is 146 days, while some state-sponsored advanced persistent threat activities can go undetected for years.

To access the full report, please visit: go.nttsecurity.com/SERTReportQ42016.