By Christine Kern, contributing writer
The 2015 NTT Global Threat Intelligence Report concludes enterprises are not eliminating vulnerabilities to cyberattack effectively. The study found during 2014, 76 percent of vulnerabilities identified were more than two years old — and almost 9 percent of them were more than 10 years old.
The report is based on an analysis of more than six billion attacks observed in 2014 and highlights the changing threat landscape and the quantifiable shifts in 2014 that affect risk. According to NTT, while finance remains the most-targeted sector with 18 percent of all detected attacks, attacks against businesses and professional services increased from 9 percent to 15 percent.
And while malware related events in the education sector fell from 42 percent to 35 percent, the report cautioned that the education sector still experiences more than one-third of all malware-related events across all sectors, reflecting the fact that it is a popular target for such attacks.
NTT also found that 56 percent of the attacks against its client base originated from IP addresses within the United States, a 7 percent gain over 2013 data. NTT stresses that “attackers often leverage systems close to their intended targets, bypassing geo-filtering defense tactics. The United States is also a highly networked country and there is no shortage of resources for attackers to use.”
In addition, the report revealed that of the vulnerabilities discovered across enterprises worldwide, 17 of the top 20 exposed vulnerabilities resided not on servers, but within user systems, representing a return of risk that has only been lightly addressed by many organizations to date.
The 2014 report also found that more than 80 percent of vulnerabilities in 2014 exploit kits were published in 2013 and 2014; the use of Adobe Flash in exploit kits has increased since 2014; Network Time Protocol (NTP) amplification attacks contributed to almost one-third while DDoS amplification attacks using User Datagram Protocol (UDP) made up 63 percent of all DDoS attacks observed by NTT Group in 2014. And over one-quarter (26 percent) of observed web application attacks in 2014 were injection-based, marking a 9 percent increase in 2014 GTIR. The report noted, “These attacks often allow exfiltration of data or remote command execution, and will be a significant concern for the foreseeable future. Contributing to this type of vulnerability is not only the absence of secure coding practices and quality assurance testing in custom applications, but also applications which inherit the capabilities of vulnerable third-party code libraries and frameworks.”