News Column

Solutionary Security Engineering Research Team Unveils Annual Global Threat Intelligence Report

Mar 12 2013 12:00AM



OMAHA, NB -- (Marketwire) -- 03/12/13 -- Solutionary, the leading pure-play managed security services provider (MSSP), today announced that the Solutionary Security Engineering Research Team (SERT) has produced the Solutionary Global Threat Intelligence Report (Solutionary GTIR). Available at, the report provides deep insight into and analysis of cyberthreats that enterprises, governments and mid-market organizations faced throughout 2012; a look at costs associated with attack and recovery; and most importantly, actionable intelligence that enables organizations to make effective security decisions that reduce risk and defend against advanced threats. Additionally, the report provides an overview of how top security executives position the importance of security programs within their organizations in order to increase security budgets and obtain the resources needed to defend their organizations.

Click to Tweet: Global Threat Intelligence Report from @Solutionary available at #Malware #ThreatIntelligence #InfoSec #GTIR

SERT based the Solutionary GTIR research on threat intelligence gathered from thousands of customers via the Solutionary ActiveGuard® service platform as well as from global threat intelligence sources and real-world interactions with customers in 14 industries across the globe. Below is a summary of some of the most salient findings:

DDoS and malware infection recovery is costing organizations thousands of dollars per day -- In case studies, it is revealed that organizations are spending as much as $6,500 per hour to recover from DDoS attacks and up to 30 days to mitigate and recover from malware attacks, at a cost of just over $3,000 per day. These amounts do not include revenue that may have been lost due to related systems downtime.

U.S. IP addresses are the largest source of attacks against U.S. organizations -- While there has been considerable discussion about foreign-based attacks against U.S. organizations, 83% of all attacks against U.S. organizations originate from U.S. IP address space, and the absolute quantity of these attacks vastly outnumbers attacks seen from any other country. One contributing factor is foreign attackers using compromised machines near attack targets in the U.S. to help evade security controls. This attack localization strategy has also been observed in attacks on targets in other countries.

Attackers from different countries focus on different industry targets -- 90% of all attack activity from China-based IP addresses is directed against the business services, technology, and financial sectors. 85% of all attack activity from Japan-based IP addresses identified by Solutionary was focused against the manufacturing industry. However, attacks targeting the financial sector appear to originate fairly evenly from attackers in many countries across the world.

Attack techniques vary significantly by country of origin -- Among the top four non-U.S. source countries of attacks, the majority of attack traffic from China is indicative of communication with already-compromised targeted devices, while Japanese and Canadian attackers appear to focus more on application exploit attempts. Attacks originating from Germany involve more botnet Command and Control (C&C) activity.

75% of DDoS attacks targeted Secure Socket Layer (SSL) protected components of web applications -- In addition to traditional network-layer attacks, recent DDoS attacks often focus on application layer components, most often SSL. Detecting and blocking attacks in encrypted protocols primarily used for legitimate traffic can be more complex than responding to historical TCP/UDP-based DDoS attacks.

Malware attacks target the financial and retail verticals -- Approximately 80% of attempts to infect organizations with malware are directed at financial (45%) and retail (35%) organizations. These attempts frequently arrive as targeted spam email, which attempts to coerce the recipient to execute an attachment or click on an infected link.

54% of malware evades anti-virus detection -- Solutionary tests all acquired malware samples against as many as 40 different commercial and freeware anti-virus products through VirusTotal and other resources to determine each product's effectiveness. Only 46% of samples tested were detected by anti-virus. This statistic reflects the need for organizations to maintain multiple malware detection mechanisms, as anti-virus solutions alone are insufficient.

Java is the most targeted software in exploit kits -- Java is now the most prominent software targeted in malware exploit kits, replacing Adobe® PDF exploits. Almost 40% of total exploits in exploit kits now target Java. The cross-platform nature of these two technologies likely explains their positions as leading exploit targets.

"Cyber criminals are targeting organizations with advanced threats and attacks designed to siphon off valuable corporate IP and regulated information, deny online services to millions of users and damage brand reputation," said Don Gray, chief security strategist, Solutionary. "The Solutionary GTIR provides actionable intelligence and strategic recommendations that will allow readers to make smart decisions, strengthen their organizations' cyber defenses and maximize the value of their security programs."

In addition to the aforementioned information, the Solutionary GTIR provides a number of notable sections:

Security Self-Assessment -- Developed by SERT, the assessment allows security and risk professionals to rank their cyber-security posture based on multiple criteria. Rankings will allow organizations to determine their cyber-security strengths and weaknesses. To take the survey, visit:

The Future -- With in-depth insights into the global threat landscape, Solutionary provides a predictive look at how malware authors will continue to evade anti-virus software, how attackers will hone in on custom Web applications and how exploit kits will evolve in an accelerated and more efficient manner.

Actionable Threat Intelligence -- In the "Getting the Most from Threat Intelligence" section, SERT details how organizations can and should use threat intelligence to make decisions and take actions that will reduce overall security risks.

"This report provides a wide range of threat information, with analysis, intelligence and defense guidance focused on high-priority security issues, including malware, advanced threats, BYOD, Distributed Denial of Service Attacks (DDoS), exploit kits and cloud security," said Rob Kraus, director of research, SERT. "The findings are based on a year's worth of research conducted by our team of security experts, who are on the front lines of modern-day cyber-threat battles."

•To access the full report, visit: •To register for a webinar with an in-depth review of the findings from the GTIR, visit: •Read the Solutionary Minds Blog for current SERT threat intelligence: •Follow Solutionary on Twitter: @Solutionary

About SERT
Solutionary SERT (Security Engineering Research Team ) is comprised of dedicated, experienced IT security engineers who assess and research the global information security threat landscape on a 24/7 basis. These expert, certified engineers turn their research into actionable intelligence Solutionary uses to protect its managed security services clients against threats, compromises and data breaches through the ActiveGuard services platform, malware analysis and incident response services. SERT researchers perform in-depth security research into current and emerging threats to evaluate potential impact and to develop mitigating controls.

About Solutionary
Solutionary is the leading pure-play managed security service provider (MSSP), focused on delivering managed security services and global threat intelligence. Comprehensive Solutionary security monitoring and security device management services protect traditional and virtual IT infrastructures, cloud environments and mobile data. Solutionary clients are able to optimize current security programs, make informed security decisions, achieve regulatory compliance and reduce costs. The patented, cloud-based ActiveGuard® service platform uses multiple detection technologies and advanced analytics to protect against advanced threats. The Solutionary Security Engineering Research Team (SERT) researches the global threat landscape, providing actionable threat intelligence, enhanced threat detection and mitigating controls. Experienced, certified Solutionary security experts act as an extension of clients' internal teams, providing industry-leading client service to global enterprise and mid-market clients in a wide range of industries, including financial services, healthcare, retail and government. Services are delivered 24/7 through multiple state-of-the-art Security Operations Centers (SOCs).
For more information, visit

Media Contact
Joe Franscella
Trainer Communications
Email Contact

Source: Marketwire

Story Tools Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters