Hackers changing tactics, techniques and procedures
Organizations need to conduct better penetration testing to combat continual changes in hackers’ tactics, techniques and procedures (TTPs), according to NTT Security.
“Our Q3 2016 report confirms that hackers are relentless and constantly employing new means to penetrate networks to steal confidential data,” said Rob Kraus, Director, Security Research and Strategy, NTT Security. “Organizations’ first line of defense is to determine where and how these attacks are taking place so they can deploy the most efficient and appropriate network security solutions to minimize their exposure and liabilities.”
The report cites an increase in the type and sophistication of attacks during Q3 ’16 across a broad range of industries with finance being the most affected, followed by retail and manufacturing.
Further, traditional hacking is being supplemented by other, more sinister attacks such as “direct cash back” models including ransomware and Business Email Compromise (BEC) attacks.
Key findings
- Finance was the most attacked industry in Q3 ‘16, with 23 percent of all attacks. Others in the top five industries were retail (19 percent), manufacturing (18 percent), technology (12 percent) and healthcare (11 percent).
- 43 percent of attacks against finance were web application attacks, with SQL injection as the most common attack method.
- There have been widespread increases in brute force attacks, highlighted by a 4,800 percent increase in brute force attacks in the retail industry.
- 73 percent of malware delivered to the healthcare industry was from spam email with malicious attachments.
- NTT Security detected a 17 percent increase in ransomware infections in the healthcare industry from Q2 ’16 to Q3 ’16.
- Analysts have observed a shift in TTPs, from selling stolen data to more “direct cash back” revenue models like ransomware and Business Email Compromise (BEC) attacks.
- Researchers detected an increase in attacks actively targeting a 2014 vulnerability in the Netcore/Netis router from almost 9,000 unique IP addresses spanning 1,427 businesses in over 110 countries.
As organizations consider how to better protect their security infrastructure against these attacks, Kraus notes that many are turning to external managed security services (MSS) to help them identify network vulnerabilities. Through a red team’s comprehensive penetration testing, clients can determine where they need to optimize network security programs, make better informed decisions, achieve compliance and reduce costs.
“Comprehensive and customized MSS platforms will play an increasingly important role in leveling the cybersecurity playing field. The first step in implementing an effective MSS solution is to determine where the problems exist so they can be resolved,” Kraus emphasizes.