The NTT Security SERT Q4 ’16 Threat Intelligence Report

Key points: decline in attacks, challenges in securing the retail industry, and an apparent increase in nation state-sponsored cyberattacks


January 26, 2017 - Posted by Danika Blessman to Threat Intelligence


The NTT Security SERT (Security Engineering Research Team) released its Q4 ’16 Threat Intelligence Report today.

During Q4 ’16, NTT Security researchers observed a noticeable shift in the types of attacks from previous quarters – particularly exhibited by a much narrower scope of attack vectors. Several vulnerabilities such as Oracle Server Backup in the retail industry and Linux password files in the finance industry were specifically targeted – likely indicative of criminals identifying specific flaws and crafting attacks to fit, a sign of more sophisticated and directed efforts.

This shift was also evident in an overall 35 percent decrease in total security-related events across client networks from Q3 ’16 to Q4 ’16, including continued declines of 25 percent in...

The NTT Security SERT Q3 ’16 Threat Intelligence Report

Ransomware in the health care industry, the ‘direct cash-back’ revenue model, targeting the Internet of Things (IoT), securing SWIFT networks, and a notable decrease in reconnaissance activity.


October 20, 2016 - Posted by Danika Blessman to Threat Intelligence


The NTT Security SERT (Security Engineering Research Team) released its Q3 ’16 Threat Intelligence Report today.

During Q3 ’16, NTT Security researchers observed attacks which exhibited the same characteristics as those a year ago in Q3 ’15 – a notable decrease in reconnaissance and an increase in application attacks, with attackers likely maintaining a persistent presence in the target environment.

NTT Security observed a 38 percent drop in security-related events from Q2 ’16 to Q3 ’16. While that seems like an amazing statistic, it included a dramatic 91 percent decrease in reconnaissance and a 64 percent decrease in suspicious activity, which may indicate more of a change in focus than a dramatic fall off in attack volume.


Black Energy Malware is Back...and Still Evolving


January 18, 2016 - Posted by Danika Blessman to Threat Intelligence


Black Energy (BE) malware is back in the news as of early January 2016. This time it is being blamed for contributing to a power outage on December 23, 2015 in Ukraine, which left nearly half the populace in the Ivano-Frankivsk region without power for several hours.

Discovered in 2007, BE was originally designed as a distributed-denial-of-service (DDoS) toolkit but has since evolved to its current state, supporting a multitude of plug-ins. The newest features of the BE malware include:

  • KillDisk, a destructive data-wiping utility capable of destroying an estimated 4000 file types, including registry files. This function could render the host unbootable, and depending on the infected host, could have dire consequences. Based on the malware’s typical target set of Industrial Control Systems (ICS), an infected host could prove to be disastrous, not to mention expensive.
  • Researchers also identified a previously unknown Secure Shell (SSH) backdoor...

Adobe Flash in the Zero Day Spotlight Again


December 28, 2015 - Posted by Danika Blessman to Threat Intelligence


On December 28, Adobe published a new version of Flash Player to secure 19 flaws in its code, updating a version of Flash which Adobe released earlier this month. Today’s release patches these 19 flaws, including multiple zero day vulnerabilities. Of these, CVE-2015-8561 is being actively exploited in the wild.

Adobe states this vulnerability “is being used in limited, targeted attacks” and described it as “an integer overflow vulnerability that could lead to code execution.” The only observed exploitation to date has been via a phishing campaign.

Below are several additional zero day vulnerabilities Adobe addressed in this out-of-band security advisory, APSB16-01. Quoted directly from the Adobe website Security...

Juniper Discovers Severe Vulnerabilities from Unauthorized Code in ScreenOS


December 18, 2015 - Posted by Danika Blessman to Threat Intelligence


On December 17, Juniper Networks published an out-of-cycle security announcement regarding a severe vulnerability their own security researchers had discovered in ScreenOS. These vulnerabilities affect any products and platforms running ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20, covered under CVE-2015-7755.

Security researchers discovered the vulnerability during an internal code review and identified two specific issues. The first could allow unauthorized remote administrative access to an affected NetScreen firewall via Telnet or SSH, possibly leading to compromise of the affected system. The second issue, per the Juniper Networks...

NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.
