Privacy News Hackers changing tactics, techniques and procedures

frogboy

In memoriam 1961-2018
Thread author
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
Organizations need to conduct better penetration testing to combat continual changes in hackers’ tactics, techniques and procedures (TTPs), according to NTT Security.

ohktIUO.jpg


“Our Q3 2016 report confirms that hackers are relentless and constantly employing new means to penetrate networks to steal confidential data,” said Rob Kraus, Director, Security Research and Strategy, NTT Security. “Organizations’ first line of defense is to determine where and how these attacks are taking place so they can deploy the most efficient and appropriate network security solutions to minimize their exposure and liabilities.”

The report cites an increase in the type and sophistication of attacks during Q3 ’16 across a broad range of industries with finance being the most affected, followed by retail and manufacturing.

Further, traditional hacking is being supplemented by other, more sinister attacks such as “direct cash back” models including ransomware and Business Email Compromise (BEC) attacks.

xitYCMf.jpg


Key findings
  • Finance was the most attacked industry in Q3 ‘16, with 23 percent of all attacks. Others in the top five industries were retail (19 percent), manufacturing (18 percent), technology (12 percent) and healthcare (11 percent).
  • 43 percent of attacks against finance were web application attacks, with SQL injection as the most common attack method.
  • There have been widespread increases in brute force attacks, highlighted by a 4,800 percent increase in brute force attacks in the retail industry.
  • 73 percent of malware delivered to the healthcare industry was from spam email with malicious attachments.
  • NTT Security detected a 17 percent increase in ransomware infections in the healthcare industry from Q2 ’16 to Q3 ’16.
  • Analysts have observed a shift in TTPs, from selling stolen data to more “direct cash back” revenue models like ransomware and Business Email Compromise (BEC) attacks.
  • Researchers detected an increase in attacks actively targeting a 2014 vulnerability in the Netcore/Netis router from almost 9,000 unique IP addresses spanning 1,427 businesses in over 110 countries.
jaEcBOn.jpg


As organizations consider how to better protect their security infrastructure against these attacks, Kraus notes that many are turning to external managed security services (MSS) to help them identify network vulnerabilities. Through a red team’s comprehensive penetration testing, clients can determine where they need to optimize network security programs, make better informed decisions, achieve compliance and reduce costs.

Full Article. Hackers changing tactics, techniques and procedures - Help Net Security
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
The minds of hackers are always clever; remember that some institution reduce the security measures due to the assumption of rare attacks however already vulnerable to create massive damage.

Also many firms, does not implement rapid maintenance to monitor the security infrastructure, so the result of problem will be same.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top