Sophisticated cyber attacks increase, while overall volume falls
NTT quarterly report highlights rise in sophistication but 35 per cent drop in overall attack volumes in Q4 2016
Attack volumes dropped significantly in Q4 2016, according to a new report, which ascribes the 35 per cent decrease in security events to a move towards more targeted attacks in the latter part of the year.
Although the decrease is significant, the analysts warned that business complacency as a result would be unwise, as the annual overview for 2016 actually represented a highly concerning picture. Essentially, attackers had begun the year by testing new exploits and vectors and gradually refined them towards the end of the calendar year, presumably achieving a much higher successful compromise rate with Q4's honed and targeted attacks.
In spite of the overall reduction in volume, some sectors still saw year-on-year rises: in retail, for example, the volume of attacks against retail clients rose by about 11 per cent from 2015 to 2016. Although retail remains in the top three most attacked industries, as it has for the last eight quarters, it is the finance sector that sees the highest attack volume overall, with 16 per cent of all attacks detected.
The majority of attacks targeting the finance sector were related to web application attacks, and fell into one of two categories: insecure direct object reference and directory traversal attempts.
Ilia Kolochenko, CEO of High-Tech Bridge, said: "Gartner highlighted in its Hype Cycle for Application Security 2016 that applications are the main source of data exfiltration; however, companies still tend to underestimate the risks related to web applications, and consequently put their customers at huge risk."
More investigation showed that the majority of these attacks were related to scanning, probing or opportunistic attempts to retrieve sensitive data, such as passwords, from common Linux files like /etc/shadow. Cybercriminals focused on investment firms and insurance companies for nearly all of these attacks. "Analysts observed large numbers of cross-site scripting (XSS) attempts in both HTTP GET and POST requests in the finance industry as well. The bulk of these attempts were identified as generic XSS attempts, designed to submit code into specific web application parameters," said the researchers.
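The two request patterns the report describes for the finance sector, directory traversal aimed at files such as /etc/shadow and generic XSS payloads submitted in GET and POST parameters, are exactly the kind of noise a defender wants to triage out of web logs quickly. The following Python is an added illustration written for this page, not code from NTT Security or High-Tech Bridge: it normalises request parameters (decoding twice to catch double-encoded payloads), then classifies each request against simple traversal and XSS signatures. The request records, the parameter names and the pattern lists are all constructed for the example; insecure direct object reference, the other category the report names, is an authorisation failure and cannot be spotted by pattern matching alone, so it is deliberately not covered here.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qsl

# Signatures for the two opportunistic patterns described in the report.
# These are deliberately narrow; a production WAF rule set is far larger.
TRAVERSAL_RE = re.compile(r"(?:\.\./|\.\.\\)")
SENSITIVE_FILE_RE = re.compile(r"/etc/(?:shadow|passwd)")
XSS_RE = re.compile(
    r"<\s*script\b|javascript\s*:|on(?:error|load|click|mouseover|focus)\s*=",
    re.IGNORECASE,
)


def normalize(value: str) -> str:
    """URL-decode a parameter up to twice so that double-encoded payloads
    such as %252e%252e%252f are seen as the '../' they resolve to."""
    prev, cur = None, value
    for _ in range(2):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur


def classify_request(method: str, target: str, body: str = "") -> list:
    """Return the sorted list of finding labels for one request.

    Checks the path, every query-string value and, for POST requests,
    every form-encoded body value.  An empty list means nothing matched.
    """
    parts = urlsplit(target)
    values = [normalize(parts.path)]
    values += [normalize(v) for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    if method.upper() == "POST" and body:
        values += [normalize(v) for _, v in parse_qsl(body, keep_blank_values=True)]

    findings = set()
    for v in values:
        if TRAVERSAL_RE.search(v) or SENSITIVE_FILE_RE.search(v):
            findings.add("directory_traversal")
        if XSS_RE.search(v):
            findings.add("xss_attempt")
    return sorted(findings)


def scan_requests(records) -> list:
    """Classify a sequence of (method, target, body) tuples and return
    [(index, findings)] for every record that produced a finding."""
    flagged = []
    for i, (method, target, body) in enumerate(records):
        findings = classify_request(method, target, body)
        if findings:
            flagged.append((i, findings))
    return flagged


# Constructed sample requests (not real traffic); a reverse proxy or WAF
# that logs POST bodies would produce records of this shape.
SAMPLE_REQUESTS = [
    ("GET", "/accounts/statement?id=1042", ""),
    ("GET", "/download?file=..%2F..%2F..%2Fetc%2Fshadow", ""),
    ("GET", "/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E", ""),
    ("POST", "/login", "user=alice&comment=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E"),
    ("GET", "/static/img/%252e%252e%252f%252e%252e%252fetc%252fpasswd", ""),
]

if __name__ == "__main__":
    for idx, findings in scan_requests(SAMPLE_REQUESTS):
        method, target, _ = SAMPLE_REQUESTS[idx]
        print(f"{idx}: {method} {target} -> {', '.join(findings)}")
```

The double decode in `normalize` is the part worth copying: a single `unquote` leaves `%252e%252e%252f` as `%2e%2e%2f`, which the traversal signature never sees. Matching after decoding, rather than on the raw log line, is what keeps the scanning and probing traffic the report describes visible.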
This is where High-Tech Bridge's ImmuniWeb often performs far better than fully automated threat detection and attack analysis software, as the combination of automation (via machine learning and neural networks) and human analysts means that sector-specific attack vectors or trends are not overlooked by generic reporting. Access to ImmuniWeb's machine learning portal is 24/7 and unlimited for customers, so accessing the latest on your business is always simple and immediate. SC Media (formerly SC Magazine) positively reviewed the platform in late 2016.
The analysis report, from NTT Security, also found that Remote Code Execution (RCE) exploits in Adobe Flash Player accounted for 22 per cent of all application-specific attacks.
On average, a cyber breach goes undetected for 146 days, though some state-sponsored Advanced Persistent Threat (APT) actors remain undetected for years, according to NTT. Kolochenko agreed: “The most advanced intrusions are rarely detected, and many large companies are not even aware that they were breached. Professional Black Hats have absolutely no interest in their victim becoming aware of the breach, and do their best to stay invisible by thoroughly planning every operation and deploying various smoke-screens to distract attention of security teams.”
It will be interesting to see whether the attack trends for Q1 2017 continue this targeted trajectory, or whether there is another period of exploration and development of new vectors and tools, as NTT highlighted for 2016. A seasonal security industry would be a fascinating development, albeit a short-term one.