Security Blogs Focused on Threat Intelligence

The 2017 Global Threat Intelligence Report is out now

Jon-Louis Heimerl

April 25, 2017 - Posted by Jon-Louis Heimerl to Threat Intelligence

GTIR

We are excited to announce the publication of our new Global Threat Intelligence Report (GTIR). The report is our most comprehensive one yet. Analyzing content from NTT Group companies and data from our new Global Threat Intelligence Center, the GTIR highlights the latest phishing and ransomware attack trends, and the impact of today’s threats against global organizations.

Most cybersecurity reports are meant for security professionals. They are not intended for use by anyone without significant security knowledge and experience. But we have taken a different approach for this year’s GTIR. We want to provide a resource for educating everyone with security responsibilities, from security and IT professionals through to executives, management, and end users. In today’s... read more >

The NTT Security Global Threat Intelligence Center (GTIC)

Global visibility, leadership and roadmap empowering detection capabilities

Rob Kraus

April 11, 2017 - Posted by Rob Kraus to Threat Intelligence

Threat Intelligence

In a recent press release, NTT Security announced the formation of the Global Threat Intelligence Center (GTIC) as a natural evolution of the previously established Security Engineering and Research Team (SERT). As a founding member of the legacy SERT, and current director within the GTIC organization, I am excited to be part of this next great step.

This move marks a significant point in the future of NTT Security in its ability to address security threats, as NTT Security must bring together its international threat intelligence assets, to further enhance our global capabilities.

The GTIC’s mission, under the leadership of Steven Bullitt (VP Global Threat Intelligence), is to apply actionable and detailed insight with a focus on reducing risk for clients and customers. GTIC will... read more >

Apache Struts 2 Exploit Analysis

Data Analysis of CVE-2017-5638 Exploit Attempts

Terrance DeJesus

March 23, 2017 - Posted by Terrance DeJesus to Threat Intelligence

A major vulnerability, the Apache Struts 2 0-Day vulnerability (CVE-2017-5638), was recently discovered on March 6, 2017. Here at NTT Security, we analyze these types of vulnerabilities, setup detection capabilities and analyze any exploit attempts by threat actors as detected via the NTT Security Global Managed Security Services Platform.

This blog takes a further look, via data analysis, into the active exploit attempts of the Apache Struts 2 0-Day vulnerability as seen in the NTT Security Global Managed Security Services Platform. Through our analysis, we were able to uncover the source of the attacks, industries targeted, malware samples, and more. Additionally, based on our research, we were able to conclude that exploit attempts for this vulnerability will remain popular for some time, and have listed migitation and recommended actions further below in this blog to avoid future exploit attempts.

Background

On March 6, Apache released a... read more >

Fileless Malware

Memory Forensics Comes into the Light

David Biser

March 02, 2017 - Posted by David Biser to Threat Intelligence

Metasploit

Recently, fileless malware has shown up in numerous LinkedIn articles, blog posts and research papers. It’s being discussed as the “new” threat to watch out for. I agree that this is an important topic, but I do not agree that it is a new threat. Rather, it has been a threat long ignored and is now being rapidly exploited by attackers.

To give some information about the threat, fileless malware is found only in memory, not in a file on disk. This attack is actually using Meterpreter code inside the physical memory of a domain controller. Along with the presence of Meterpreter, analysts discovered the use of PowerShell scripts within the Windows Registry. For those who are unaware, Meterpreter is a tool from the Metasploit framework, a free hacking tool commonly used by both penetration testers and criminal hackers. Once the attackers have successfully installed Meterpreter, they use various scripts to install a malicious service on the targeted host. After... read more >

The NTT Security SERT Q4 ‘16 Threat Intelligence Report

Key points: decline in attacks, challenges in securing the retail industry, and an apparent increase in nation state-sponsored cyberattacks

Danika Blessman

January 26, 2017 - Posted by Danika Blessman to Threat Intelligence

NTT Security SERT Q4 Threat Intelligence Report

The NTT Security SERT (Security Engineering Research Team) released its Q4 ‘16 Threat Intelligence Report today.

During Q4 ’16, NTT Security researchers observed a noticeable shift in the types of attacks from previous quarters – particularly exhibited by a much narrower scope of attack vectors. Several vulnerabilities such as Oracle Server Backup in the retail industry and Linux password files in the finance industry were specifically targeted – likely indicative of criminals identifying specific flaws and crafting attacks to fit, a sign of more sophisticated and directed efforts.

This shift was also evident in an overall 35 percent decrease in total security-related events across client networks from Q3 ’16 to Q4 ’16, including continued declines of 25 percent in... read more >

The NTT Security SERT Q3 ‘16 Threat Intelligence Report

Ransomware in the health care industry, the ‘direct cash-back’ revenue model, targeting the Internet of Things (IoT), securing SWIFT networks, and a notable decrease in reconnaissance activity.

Danika Blessman

October 20, 2016 - Posted by Danika Blessman to Threat Intelligence

SERT Threat Report Q3 2016

The NTT Security SERT (Security Engineering Research Team) released its Q3 ‘16 Threat Intelligence Report today.

During Q3 ’16, NTT Security researchers observed attacks which exhibited the same characteristics as those a year ago in Q3 ’15 – a notable decrease in reconnaissance and an increase in application attacks, with attackers likely maintaining a persistent presence in the target environment.

NTT Security observed a 38 percent drop in security-related events from Q2 ’16 to Q3 ’16. While that seems like an amazing statistic, it included a dramatic 91 percent decrease in reconnaissance and a 64 percent decrease in suspicious activity, which may indicate more of a change in focus than a dramatic fall off in attack volume.

... read more >

The SERT Q2 ‘16 Quarterly Threat Intelligence Report

Shrinking variety of attacks, inside Business Email Compromises, update on ransomware, perspective on China’s new Five Year Plan, and highlights from PCI DSS 3.2.

Jon-Louis Heimerl

July 26, 2016 - Posted by Jon-Louis Heimerl to Threat Intelligence

The Solutionary Security Engineering Research Team  (SERT) released its Q2 2016 Threat Intelligence Report today.

Solutionary observed a flattening of attack types during Q2 ’16. In recent quarters, web applications made up as much as 42 percent of observed attacks. In Q2 ’16, web application attacks made up 24 percent of such attacks. The top three attack types – web-application... read more >

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | Older Entries >>

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.

Get the NTT Security Blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)

LATEST TWEETS