More Than 75% of Ransomware Attacks Globally Occur in 4 Industries, Report Says

A new global threat intelligence report by NTT Security details which industries are proving most vulnerable to malware attacks.

OMAHA, Neb. – NTT Security, a provider of cyber resiliency services, reveals in a new global threat intelligence report that 77% of all detected ransomware from Oct. 1, 2015, to Sept. 31, 2016, occurred in four main sectors: business and professional services (28%), government (19%), healthcare (15%) and retail (15%).

The 2017 Global Threat Intelligence Report (GTIR) analyzes global threat trends based on log, event, attack, incident and vulnerability data. Analyzing content from NTT Group operating companies, including NTT Security, Dimension Data, NTT Communications and NTT Data, and data from the Global Threat Intelligence Center (formerly known as SERT), the report highlights the latest ransomware, phishing and distributed denial of service (DDoS) attack trends and demonstrates the impact of today’s threats against global organizations.

While technical attacks on the newest vulnerabilities tend to dominate the media, many attacks rely on less technical means. According to the GTIR, phishing attacks were responsible for nearly three-quarters (73%) of all malware delivered to organizations, with government (65%) and business & professional services (25%) as the industry sectors most likely to be attacked at a global level. When it comes to attacks by country, the United States (41%), Netherlands (38%) and France (5%) were the top three sources of phishing attacks.


READ NEXT: Cybersecurity Risk Is Real: SSI‘s 2017 Physical-Logical Security Assessment


According to the report, in 2016 just 25 passwords accounted for nearly 33% of all authentication attempts against NTT Security honeypots, which refer to computer security mechanisms set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems.

More than 76% of log on attempts included a password known to be implemented in the Mirai botnet – a botnet comprised of Internet of Things (IoT) devices, which was used to conduct, what were at the time, the largest ever DDoS attacks.

DDoS attacks represented less than 6% of attacks globally, but accounted for over 16% of all attacks from Asia and 23% of all attacks from Australia.

Finance was the most commonly attacked industry globally, subject to 14% of all attacks. The finance sector was the only sector to appear in the top three across all of the geographic regions analyzed, while manufacturing appeared in the top three in five of the six regions. Finance (14%), government (14%) and manufacturing (13%) were the top three most commonly attacked industry sectors.

Summary of other key global findings:

  • Top attack source countries: U.S. 63%), United Kingdom (4%), China (3%)
  • 32% of organizations had a formal incident response plan up from an average of 23% in previous years
  • 59% of all incident response engagements were in the top four industries: healthcare (17%), finance (16%), business and professional services (14%) and retail (12%)
  • Over 60% of incident response engagements were related to phishing attacks
  • Incident engagements related to ransomware were the most common incidents (22%)
  • 56% of all incidents in finance organizations were related to malware
  • 50% of all incidents in healthcare organizations were related to ransomware incidents

With visibility into 40% of the world’s Internet traffic, NTT Security summarizes data from over 3.5 trillion logs and 6.2 billion attacks for the 2017 GTIR, according to the company. Analysis is based on log, event, attack, incident and vulnerability data. It also includes details from NTT Security research sources, including global honeypots and sandboxes in over 100 different countries in environments independent from institutional infrastructures.

The full 2017 GTIR report can be downloaded here.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

Get Our Newsletters