Managed Security Service Provider (MSSP) Solutionary, and MSPAlliance member, today published its Global Threat Intelligence Report (GTIR). Produced by the Solutionary Security Engineering Research Team (SERT), the report offers analysis on a variety of cyberthreats facing enterprises, governments, and mid-market oragnizations during 2012. The report is available at http://go.solutionary.com/GTIR.html.
The report was compiled from thousands of customers via the Solutionary ActiveGuard® service platform as well as from global threat intelligence sources and real-world interactions with customers in 14 industries across the globe. Below is a summary of some of the most salient findings:
- DDoS and malware infection recovery is costing organizations thousands of dollars per day – In case studies, it is revealed that organizations are spending as much as $6,500 per hour to recover from DDoS attacks and up to 30 days to mitigate and recover from malware attacks, at a cost of just over $3,000 per day. These amounts do not include revenue that may have been lost due to related systems downtime.
- U.S. IP addresses are the largest source of attacks against U.S. organizations –While there has been considerable discussion about foreign-based attacks against U.S. organizations, 83% of all attacks against U.S. organizations originate from U.S. IP address space, and the absolute quantity of these attacks vastly outnumbers attacks seen from any other country. One contributing factor is foreign attackers using compromised machines near attack targets in the U.S. to help evade security controls. This attack localization strategy has also been observed in attacks on targets in other countries.
- Attackers from different countries focus on different industry targets – 90% of all attack activity from China-based IP addresses is directed against the business services, technology, and financial sectors. 85% of all attack activity from Japan-based IP addresses identified by Solutionary was focused against the manufacturing industry. However, attacks targeting the financial sector appear to originate fairly evenly from attackers in many countries across the world.
- Attack techniques vary significantly by country of origin – Among the top four non-U.S. source countries of attacks, the majority of attack traffic from China is indicative of communication with already-compromised targeted devices, while Japanese and Canadian attackers appear to focus more on application exploit attempts. Attacks originating from Germany involve more botnet Command and Control (C&C) activity.
- 75% of DDoS attacks targeted Secure Socket Layer (SSL) protected components of web applications – In addition to traditional network-layer attacks, recent DDoS attacks often focus on application layer components, most often SSL. Detecting and blocking attacks in encrypted protocols primarily used for legitimate traffic can be more complex than responding to historical TCP/UDP-based DDoS attacks.
- Malware attacks target the financial and retail verticals – Approximately 80% of attempts to infect organizations with malware are directed at financial (45%) and retail (35%) organizations. These attempts frequently arrive as targeted spam email, which attempts to coerce the recipient to execute an attachment or click on an infected link.
- 54% of malware evades anti-virus detection – Solutionary tests all acquired malware samples against as many as 40 different commercial and freeware anti-virus products through VirusTotal and other resources to determine each product’s effectiveness. Only 46% of samples tested were detected by anti-virus. This statistic reflects the need for organizations to maintain multiple malware detection mechanisms, as anti-virus solutions alone are insufficient.
- Java is the most targeted software in exploit kits – Java is now the most prominent software targeted in malware exploit kits, replacing Adobe® PDF exploits. Almost 40% of total exploits in exploit kits now target Java. The cross-platform nature of these two technologies likely explains their positions as leading exploit targets.
“Cyber criminals are targeting organizations with advanced threats and attacks designed to siphon off valuable corporate IP and regulated information, deny online services to millions of users and damage brand reputation,” said Don Gray, chief security strategist, Solutionary. “The Solutionary GTIR provides actionable intelligence and strategic recommendations that will allow readers to make smart decisions, strengthen their organizations’ cyber defenses and maximize the value of their security programs.”