NTT Security Q3 SERT Report Confirms Need for Organizations to Better Identify Network Vulnerabilities

OMAHA, NE--(Marketwired - Oct 20, 2016) - NTT Security today issued its quarterly threat intelligence report, confirming the need for organizations to conduct better penetration testing to combat continual changes in hackers' tactics, techniques and procedures (TTPs).

"Our Q3 '16 report confirms that hackers are relentless and constantly employing new means to penetrate networks to steal confidential data," said Rob Kraus, Director, Security Research and Strategy, NTT Security. "Organizations' first line of defense is to determine where and how these attacks are taking place so they can deploy the most efficient and appropriate network security solutions to minimize their exposure and liabilities."

The report cites an increase in the type and sophistication of attacks during Q3 '16 across a broad range of industries with finance being the most affected, followed by retail and manufacturing. Further, the report cites that traditional hacking is being supplemented by other, more sinister attacks such as "direct cash back" models including ransomware and Business Email Compromise (BEC) attacks.

As organizations consider how to better protect their security infrastructure against these attacks, Kraus notes that many are turning to external managed security services (MSS) such as NTT Security's Red Team to help them identify network vulnerabilities. Through the Red Team's comprehensive penetration testing, clients can determine where they need to optimize network security programs, make better informed decisions, achieve compliance and reduce costs.

"Comprehensive and customized MSS platforms will play an increasingly important role in leveling the cybersecurity playing field. The first step in implementing an effective MSS solution is to determine where the problems exist so they can be resolved. This is what NTT Security's Red Team can help IT professionals accomplish," Kraus emphasizes.

Key findings in the new report include:

• Finance was the most attacked industry in Q3 '16, with 23 percent of all attacks. Others in the top five industries were retail (19 percent), manufacturing (18 percent), technology (12 percent) and healthcare (11 percent).
• 43 percent of attacks against finance were web application attacks, with SQL injection as the most common attack method.
• NTT Security observed widespread increases in brute force attacks, highlighted by a 4,800 percent increase in brute force attacks in the retail industry.
• 73 percent of malware delivered to the healthcare industry was from spam email with malicious attachments.
• NTT Security detected a 17 percent increase in ransomware infections in the healthcare industry from Q2 '16 to Q3 '16.
• Analysts have observed a shift in TTPs, from selling stolen data to more "direct cash back" revenue models like ransomware and Business Email Compromise (BEC) attacks.
• NTT Security detected an increase in attacks actively targeting a 2014 vulnerability in the Netcore/Netis router from almost 9,000 unique IP addresses spanning 1,427 businesses in over 110 countries.

To access the full report, please visit: https://www.solutionary.com/threat-intelligence/threat-reports/quarterly-threat-reports/sert-threat-report-q3-2016/.

About NTT Security
NTT Security seamlessly delivers cyber resilience by enabling organizations to build high-performing and effective security and risk management programs with controls that enable the increasingly connected world and digital economy to overcome constantly changing security challenges. Through the Full Security Life Cycle, we ensure that scarce resources are used effectively by providing the right mix of integrated consulting, managed, cloud, and hybrid services -- delivered by local resources and leveraging our global capabilities. NTT Security is part of the NTT Group (Nippon Telegraph and Telephone Corporation), one of the largest information and communications technology (ICT) companies in the world. For more information, visit www.nttsecurity.com.