NTT’s Global Threat Intelligence Report (GTIR) is a comprehensive report providing insights into the latest cyber security threats and trends. This year's report is based on data collected throughout 2021 from 1500 enterprise customers, with over 800 billion logs processed per month, and it provides an in-depth look at the latest threats facing businesses and individuals around the world.
You can download the full report here or keep reading for a quick-fire version of the five biggest insights.
Essential insights from our Global Threat Intelligence Report
Attacks shift to critical infrastructure and supply-chains
In 2021, attacks more than doubled in the technology, telecommunications and transport and distribution sectors — the industries the world has been relying on as a result of the pandemic.
Finance and education were also prominent targets.
This reflects a change in focus for cybercriminals, who are now targeting the critical infrastructure and supply chains that keep economies going.
What can we do to avoid this in 2022?
Organizations need to be aware of the potential for increased attacks on critical infrastructure and work to harden these systems against attack. This includes patching vulnerabilities, implementing security controls, and monitoring for suspicious activity.
One way is to use an MDR (managed detection and response) security solution to empower faster, more comprehensive threat detection and response. MDR services provide 24/7 monitoring and analysis of network activity, bringing human analysts together with AI-powered tools to quickly identify and respond to threats. MDR services can also help organizations meet compliance requirements and protect their business reputation.
Learn more about how MDR stacks up against other cybersecurity solutions here.
Cloud migration is shaping global attacks
The pandemic accelerated many businesses' cloud migration as organizations seek solutions to keep their operations running in the event of another, or similar, outbreak. By moving to the cloud, businesses can access their data and applications from any location, and they can also lean on the cloud provider's security infrastructure to help protect them from cyber threats.
That said, while contemporary cloud-based environments provide the ability to be resilient and secure, some organizations are not aware of, or have not implemented, the controls that are often included. As a result, attackers can take advantage of the fact that businesses are often in a hurry to migrate their data and applications to the cloud and forget about these capabilities, or simply lack the cloud engineering skills to implement them.
Consequently, our report found an increasing number of software application attacks as organizations rapidly migrate data and applications into cloud-based environments. Web application (42%) and application-specific (30%) attacks combine to account for 72% of all attacks.
What can we do to avoid this in 2022?
As we can see, cloud migration is not without its risks, and businesses need to take care when choosing a cloud provider.
Organizations need to ensure that their cloud environments are properly configured and secured, that they have the appropriate security controls in place, that data is encrypted, and that it is backed up regularly. As mentioned, the skills gap is ever present; this can be addressed with consulting services in the short term while existing staff skill up. Regardless, the threats will come, so organizations should also monitor for suspicious activity and investigate any incidents that occur using a solution such as Samurai MDR.
Trojan deployments soar as botnets re-emerge
A botnet is a network of computers that have been infected with malware, allowing the attacker to control them remotely. The infected computers are known as bots or zombies and can be used to launch attacks on other systems, send spam emails, or steal data. Trojans are a type of malware that allows the attacker to control the infected computer remotely.
In 2021, we saw a 50% increase in malware led by trojans and botnets. Trojans accounted for 65% of malware in 2021, which is a 35% increase from 2020, followed by botnets which accounted for 11%.
What can we do to avoid this in 2022?
Trojans and botnets can be very difficult to detect and remove. They can also cause a lot of damage to an organization's network. It is important to have a good anti-malware solution in place and to keep your systems up-to-date with the latest security patches.
One of the best ways to protect your organization from cyber threats is to monitor your network for suspicious activity. This includes monitoring for malicious or unauthorized activity, as well as activity that may be indicative of a breach. Oh, did we mention patching? Yup, prevention is better than staring down another incident.
Prevention is great, but you must be vigilant. As each new day brings more zero-day threats, it’s here that MDR solutions add value again, especially if your MDR team is using XDR technology. XDR, Extended Detection and Response, collates security information from all layers of the environment in one central interface. It also offers next-level telemetry to monitor all of your business’s endpoints, no matter where they are in the world. Together, this breadth of reach and centralization of data means your business is secured more tightly and proactively than ever before.
Ransomware prevalence impacting business continuity
Ransomware is a type of malware that encrypts files or systems and then demands a ransom be paid to the attacker in order to decrypt the data. Ransomware attacks can have a significant impact on business continuity, as they can result in loss of access to critical data or systems.
In 2021, almost a quarter of all incident response engagements with NTT's Digital Forensics and Incident Response team were related to ransomware — a 240% growth from just 7% in 2019. This rise is likely due to the increased use of remote working, cloud-based applications and services, which provide attackers with more opportunities to target organizations.
The most common method of ransomware infection was via emails with embedded malicious links or attachments. The industries hit the hardest were retail (19%), manufacturing (11%) and insurance (11%).
What can we do to avoid this in 2022?
Organizations need to be aware of the risks posed by ransomware and take steps to protect their systems. This includes implementing security controls, monitoring for suspicious activity, and investigating any incidents that occur.
Taking steps to protect your organization can look like:
- Implementing a comprehensive security solution that includes email filtering and malware detection.
- Training employees on how to identify phishing emails and making sure they know not to click on any links or attachments from unknown senders.
- Ensuring a thorough and frequent backup solution is in place, so that you can recover your data if it is encrypted by ransomware.
Organizations should also have a plan in place for how to respond if they do become victims of a ransomware attack. If that happens, you are in good shape if you have an action plan, which may include the following steps:
- Create regular backups of all your critical systems and, importantly, TEST them periodically!
- Disconnect the infected system from the network (this is not guaranteed to minimize damage).
- Contact law enforcement.
- Ensure the malware is no longer present; otherwise, do not proceed to the next step.
- Restore files from the backup.
- Stay vigilant and monitor for re-emergence via different paths.
As a last resort, if there is no other way to decrypt the data, organizations may need to consider paying the ransom (if you have cyber insurance, check whether this is included in your policy). However, only do this after consulting with law enforcement and security experts. Sad but true, these criminals want repeat business, so organizations that pay the ransom are likely to get their data back.
Tackle the latest cybersecurity threats with the latest cybersecurity solutions
The global threat landscape is constantly changing and organizations need to be aware of the latest threats in order to protect their networks. By implementing a comprehensive security solution and monitoring your network for suspicious activity, you can help protect your organization from the latest cyber threats.
NTT Security's Global Threat Intelligence Report provides in-depth insights into the latest cyber security threats. Download the full report to learn more about the trends that are impacting businesses today and find out what you can do to protect your organization. And then contact the team to learn how Samurai’s MDR + XDR solutions can fight, and win, the battle for you.