2017 Global Threat Intelligence ReportBlog
This year’s Report unveils some interesting – and concerning – trends and developments. Here are my top five:
1. Cybercriminals are increasingly setting their sights on the government sector
Our analysis reveals that cyber attacks on the government sector doubled in 2016, hiking to 14% from 7% of all cybersecurity attacks in 2015.
Governments all over the world are constantly under the threat of sophisticated attacks launched by rival nation-states, terrorist groups, hacktivists, and cyber criminals. That’s because government agencies hold vast amounts of sensitive information – from personnel records, budgetary data, and sensitive communications, to intelligence findings. What’s interesting is that this year we saw numerous incidents involving insider threats.
We believe that a number of global geo-political events could have contributed to the government sector being a cybersecurity attack target. These include:
- the US presidential election campaign
- a new US administration with a more aggressive stance toward China and North Korea
- China adopting a more aggressive policy stance in securing its vital ‘core interests’
- US and European Union-led economic sanctions against Russia
- Russian state-sponsored actors continuing cyber operations against Western targets
- growing negative sentiment in the Middle East against the West’s aggression towards Syria
2. Attacks on the finance sector are also on the rise
Attacks on the finance sector also rose dramatically, accounting for 14% of all attacks in 2016, compared to just 3% in 2015.
The ongoing and increasing attacks in the financial services industry come as no surprise. Cybercriminals follow the money. In addition, these organisations have large amounts of digital assets and sensitive customer data. Gaining access to them enables cybercriminals to monetise personally identifiable information and credit card data in the underground economy.
3. The US is still the major source of cyber attacks
Of all attacks detected in 2016, 63% originated from IP addresses in the US.
While this is slightly lower than the 2015 figure (65%), the US has consistently been the major source of hostile activity for the last few years.
Our research suggests that the US is the predominant location of cloud-hosted infrastructure globally. The market is highly concentrated, competitive, and mature which makes cloud-based service offerings more cost-effective in the country.
Clouds by their very nature are designed to be scalable, flexible, and reliable. Threat actors often utilise public cloud to orchestrate attacks due to the relatively low cost and stability of this infrastructure. This creates the perfect environment for adversaries to leverage in order to conduct cyber attack campaigns.
4. The UK is the number one source of non-US based attacks for the second consecutive year
Attacks from addresses based in the UK accounted for 4% of all attacks, compared to 5% in 2015. China was the source of the third-largest number of attacks (3%), up from fourth position in 2015 (4%).
The top five attack source countries accounted for 75% of all identified attacks in 2016.
The UK, France, and Norway have historically been considered ‘first world’ countries. Technology dependence has seen mass adoption of infrastructure and rapid deployment of emerging technologies, such as Internet of Things (IoT) devices.
China and Russia, which round out the remaining top five positions, were once considered –‘second world’ countries based on political and economic divisions. Interestingly, the global media tends to report on these sources as propagating significant malicious activity in comparison to other countries. Collectively, they make up less than 15% of attacks globally.
5. Denial-of-service (DoS) or distributed-denial-of-service (DDoS) attacks are on the increase
In 2016, we saw a marked rise in DoS or DDoS attacks (6%), up from 3% in 2015. Interestingly however, DDoS attacks accounted for over 16% of all attacks from Asia, and 23% of all attacks from Australia.
Our research identified that this upswing was related to the proliferation of Internet-connected IoT devices that lack sufficient security controls. Non-secure default configurations, weak passwords, and a lack of patch management and vendor accountability continue to be cause for concern.
For more insights and analysis of the global cyber threat landscape, download the Executive’s Guide to the 2017 Global Threat Intelligence Report or listen to webinar here