Cybersecurity – Securing Our Connected Future

For the 2023 Global Threat Intelligence Report, NTT Security Holdings analyzed the threats observed, the broader threat landscape and their increasing impact on daily life. 2022 saw an acceleration in politically motivated responses, major incidents that disrupted critical infrastructure and supply chains, and a significant focus on government response to cyber threats through new agencies or legislation.

The report is based on analysis of log, event, attack, incident and vulnerability data from 1,500 enterprise customers and over 800 billion logs processed per month, providing a trusted view into the ever-evolving cyber threat landscape.

About GTIC

NTT Security Holdings Global Threat Intelligence Center (GTIC) combines threat research with NTT’s proprietary detective technology to produce applied threat intelligence. Its mission is to protect customers by providing advanced threat research and security intelligence that enables NTT Security Holdings to prevent, detect and respond to cyber threats.

In 2022, global businesses, organizations, and governments were increasingly worried about cyber risks to critical infrastructure and supply chains, and their concerns were justified. Technological advancements increased threats, and malicious actors multiplied, including nation-states, criminal groups, and individual hackers. These cyberattacks had serious consequences, from ransomware and data breaches to operational disruptions and physical damage.

Top 5 Most-Attacked Sectors

Critical infrastructure and supply chains remain prime targets. Technology, manufacturing, and transportation/distribution, as vital components of daily life, consistently rank in the top 5 most attacked sectors. Notably, the Public Sector jumps to #4, influenced by the intensifying geopolitical situation.

• Technology, 25.90 %
• Manufacturing, 19.01 %
• Education, 11.37 %
• Public Sector, 9.10%
• Transport and Distribution, 8.12%

Cloud and Saas Attacks

Cloud and SaaS attacks continued to increase, with web-based and desktop applications accounting for 70% of incidents. In particular, content management systems (CMS) and utilities accounted for approximately 80% of web-hosted targets.

• 45.22% Web application attack
• 25.23 % Application specific attack
• 21.27% Reconnaissance

Web Applications Attacks

Globally, attacks were evenly distributed across CMS software, plugins and PHP web applications, with a significant focus on WordPress. WordPress was the most targeted CMS software with 36.10% in the Americas, 31.10% in APAC and 38.82% in EMEA. Rather than targeted campaigns, many attacks relied on exploits embedded in malware and botnets.

Banking Trojans and Cryptominers

Banking Trojans (48.97%) remained prominent but declined slightly from the previous year, while Cryptominers (15.48%) increased after a lull in 2021, despite the loss of value of many currencies. Such fluctuations are relatively common as industry partners, hosting providers and law enforcement work to disrupt and dismantle cyber threats and infrastructure – as well as resurgences of previously disrupted malware.

High-Impact & Top Targeted Vulnerabilities

Attackers have been targeting high-impact vulnerabilities, with nearly 75% having critical or high severity CVSSv3 scores. Despite being widely known and publicized, the most targeted vulnerabilities continue to be successful. In 2022, three of the top five targeted CVEs were listed in the US Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerability Catalog. This underscore existing gaps in vulnerability management, response, and visibility within organizations regarding their own attack surfaces.