OMAHA, NB -- (Marketwire) -- 03/12/13 -- Solutionary, the leading pure-play managed security services provider (MSSP), today announced that the Solutionary Security Engineering Research Team (SERT) has produced the Solutionary Global Threat Intelligence Report (Solutionary GTIR). Available at http://go.solutionary.com/GTIR.html, the report provides deep insight into and analysis of cyberthreats that enterprises, governments and mid-market organizations faced throughout 2012; a look at costs associated with attack and recovery; and most importantly, actionable intelligence that enables organizations to make effective security decisions that reduce risk and defend against advanced threats. Additionally, the report provides an overview of how top security executives position the importance of security programs within their organizations in order to increase security budgets and obtain the resources needed to defend their organizations.
Click to Tweet: Global Threat Intelligence Report from @Solutionary available at http://go.solutionary.com/GTIR.html #Malware #ThreatIntelligence #InfoSec #GTIR
SERT based the Solutionary GTIR research on threat intelligence gathered from thousands of customers via the Solutionary ActiveGuard® service platform as well as from global threat intelligence sources and real-world interactions with customers in 14 industries across the globe. Below is a summary of some of the most salient findings:
•DDoS and malware infection recovery is costing organizations thousands of dollars per day -- In case studies, it is revealed that organizations are spending as much as $6,500 per hour to recover from DDoS attacks and up to 30 days to mitigate and recover from malware attacks, at a cost of just over $3,000 per day. These amounts do not include revenue that may have been lost due to related systems downtime.
•U.S. IP addresses are the largest source of attacks against U.S. organizations -- While there has been considerable discussion about foreign-based attacks against U.S. organizations, 83% of all attacks against U.S. organizations originate from U.S. IP address space, and the absolute quantity of these attacks vastly outnumbers attacks seen from any other country. One contributing factor is foreign attackers using compromised machines near attack targets in the U.S. to help evade security controls. This attack localization strategy has also been observed in attacks on targets in other countries.
•Attackers from different countries focus on different industry targets -- 90% of all attack activity from China-based IP addresses is directed against the business services, technology, and financial sectors. 85% of all attack activity from Japan-based IP addresses identified by Solutionary was focused against the manufacturing industry. However, attacks targeting the financial sector appear to originate fairly evenly from attackers in many countries across the world.
•Attack techniques vary significantly by country of origin -- Among the top four non-U.S. source countries of attacks, the majority of attack traffic from China is indicative of communication with already-compromised targeted devices, while Japanese and Canadian attackers appear to focus more on application exploit attempts. Attacks originating from Germany involve more botnet Command and Control (C&C) activity.
•75% of DDoS attacks targeted Secure Socket Layer (SSL) protected components of web applications -- In addition to traditional network-layer attacks, recent DDoS attacks often focus on application layer components, most often SSL. Detecting and blocking attacks in encrypted protocols primarily used for legitimate traffic can be more complex than responding to historical TCP/UDP-based DDoS attacks.
•Malware attacks target the financial and retail verticals -- Approximately 80% of attempts to infect organizations with malware are directed at financial (45%) and retail (35%) organizations. These attempts frequently arrive as targeted spam email, which attempts to coerce the recipient to execute an attachment or click on an infected link.
•54% of malware evades anti-virus detection -- Solutionary tests all acquired malware samples against as many as 40 different commercial and freeware anti-virus products through VirusTotal and other resources to determine each product's effectiveness. Only 46% of samples tested were detected by anti-virus. This statistic reflects the need for organizations to maintain multiple malware detection mechanisms, as anti-virus solutions alone are insufficient.
•Java is the most targeted software in exploit kits -- Java is now the most prominent software targeted in malware exploit kits, replacing Adobe® PDF exploits. Almost 40% of total exploits in exploit kits now target Java. The cross-platform nature of these two technologies likely explains their positions as leading exploit targets.
Most Popular Stories
- Consumer Spending Will Offset Sequester: Economists
- Gas Prices Expected to Stay High
- Hispanic Grads Pass Their Peers in College Enrollment
- AT&T Seeks to Fill 120 Jobs in South Carolina
- California Considers Oil Tax to Fund Schools
- Yahoo to Pay $1.1 Billion for Tumblr
- Dude! California Beach Parking Plan Making Waves
- Boise Terror Suspect Pleads Not Guilty
- Lawsuits Against Employers Reach Record Highs
- Grubhub, Seamless to Combine Online Operations