Attack Analysis: The 2016 Global Threat Intelligence Report

We’ve just release the third annual Global Threat Intelligence Report, and this year, we’ve done things a little differently. Not only do we have our technical threat intelligence report, but we’ve added a special executive’s guide to the 2016 Global Threat Intelligence Report, which gives insights on the latest security threats and offers recommendations for protecting organisations from cybersecurity incidents as you accelerate to become a digital business.

2015 attack analysis 

Incidents assessed in 2015 aggregated from over 3.5 trillion logs, 6.2 billion attacks and 8,000 clients worldwide was broken down into five categories: sources of attacks, attacks by sector, types of attacks, vulnerabilities analysis, and malware observations:

Sources of attacks

Continuing the trends we’ve seen for the last three years, 65% of attacks in 2015 originated from IP addresses within the U.S. In 2014, this accounted for 56%, and 49% in 2013. The top five attack source countries accounting for 81% of all identified attacks. Click here to find out more about these sources of attack.

Attacks by sector

If you had to guess, which industry would you say was the most vulnerable to attacks in 2015? Most would say finance, and this was true in 2014. However, 2015 saw a rise in retail attacks – knocking finance out of first place. Clients in retail experienced nearly three times as many attacks as those in finance. The fact that cybercriminals are turning their attention away from finance is an interesting development. Read on about this and find out which other industries saw a rise in attacks.

Types of attacks

Anomalous activity (including privileged access attempts and exploitation software) represented the most common type of attack and jumped to 36% during 2015. Web application attacks accounted for 15% of attacks last year, followed by reconnaissance and application specific attacks.

Vulnerabilities analysis

Over 79% of identified vulnerabilities were disclosed within the past three years, which means nearly 21% of vulnerabilities are more than three years old. Continuing the trend from previous years in which old vulnerabilities are remaining in client environments, more than 12% of vulnerabilities observed were more than five years old. We also uncovered some interesting vulnerability trends relating to the finance sector… but I won’t spoil those either. Check out the report to learn about them.

Malware observations

The dreaded word in business circles – malware. But the happy news is that in 2015, we saw a drop in the total volume of malware compared to 2014, largely due to changes within a single industry – education. For all other industries, malware detection increased by 18% for the year. Most victimised across the board were retail, government, hospitality, leisure and entertainment, and manufacturing. Startlingly, malware detected in the finance industry rose 140% from 2014. Learn more about these here.

The 2015 attack analysis is just one component of the 2016 Global Threat Intelligence Report. Our Executive’s Guide to the report also explores elements such as endpoint security, incident response, and an assessment of how cybercriminals continue to up their game. It’s a great read, and a great eye-opener which underscores an important message: security needs to move from the server room to the boardroom.