SERT Quarterly Threat Report Q3 2016

The Security Engineering Research Team (SERT) Quarterly Threat Report for Q3 2016 contains analysis of events identified through global visibility of the NTT Security client base. This quarter’s report contains observations and analysis of attack types and sources as well as research regarding global threat visibility; research into the health care industry and it’s attack profile; the evolution in Tactics, Techniques and Procedures (TTPs) – the “Direct Cash Back” Model; putting the SWIFT threat in perspective; and research about the Netcore/Netis router vulnerability.

Key findings in the new report include:

  • Finance was the most attacked industry in Q3 ‘16, with 23 percent of all attacks. Others in the top five industries were retail (19 percent), manufacturing (18 percent), technology (12 percent) and health care (11 percent).
  • 43 percent of attacks against finance were web application attacks, with SQL injection as the most common attack method.
  • NTT Security observed widespread increases in brute force attacks, highlighted by a 4,800 percent increase in brute force attacks in the retail industry.
  • 73 percent of malware delivered to the health care industry was from spam email with malicious attachments.
  • NTT Security detected a 17 percent increase in ransomware infections in the health care industry from Q2 ’16 to Q3 ’16.
  • Analysts have observed a shift in TTPs, from selling stolen data to more “direct cash back” revenue models like ransomware and Business Email Compromise (BEC) attacks.
  • NTT Security detected an increase in attacks actively targeting a 2014 vulnerability in the Netcore/Netis router from almost 9,000 unique IP addresses spanning 1,427 businesses in over 110 countries.

If you would like to get a copy of the report listed above simply email: