Today’s active digital landscape means that companies and organizations can no longer ignore threats. Attacks are likely to happen, regardless of an organization’s size or industry. Understanding the threats is the first step in protecting your digital assets and infrastructure. In this blog post, we take a look at NTT Security Holdings’ Global Threat Intelligence Report 2023, including key findings from last year and five recommendations for protecting your business.
Cybersecurity – Securing Our Connected Future
2023 Global Threat Intelligence Report
For the 2023 Global Threat Intelligence Report, NTT Security Holdings analyzed the threats observed, the broader threat landscape and their increasing impact on daily life. 2022 saw an acceleration in politically motivated responses, major incidents that disrupted critical infrastructure and supply chains, and a significant focus on government response to cyber threats through new agencies or legislation.
The report is based on analysis of log, event, attack, incident and vulnerability data from 1,500 enterprise customers and over 800 billion logs processed per month, providing a trusted view into the ever-evolving cyber threat landscape.
About GTIC
NTT Security Holdings Global Threat Intelligence Center (GTIC) combines threat research with NTT’s proprietary detective technology to produce applied threat intelligence. Its mission is to protect customers by providing advanced threat research and security intelligence that enables NTT Security Holdings to prevent, detect and respond to cyber threats.
Key Findings of the Global Threat Intelligence Report
In 2022, global businesses, organizations, and governments were increasingly worried about cyber risks to critical infrastructure and supply chains, and their concerns were justified. Technological advancements increased threats, and malicious actors multiplied, including nation-states, criminal groups, and individual hackers. These cyberattacks had serious consequences, from ransomware and data breaches to operational disruptions and physical damage.
Top 5 Most-Attacked Sectors
Critical infrastructure and supply chains remain prime targets. Technology, manufacturing, and transportation/distribution, as vital components of daily life, consistently rank in the top 5 most attacked sectors. Notably, the Public Sector jumps to #4, influenced by the intensifying geopolitical situation.
- Technology, 25.90%
- Manufacturing, 19.01%
- Education, 11.37%
- Public Sector, 9.10%
- Transport and Distribution, 8.12%
Cloud and SaaS Attacks
Cloud and SaaS attacks continued to increase, with web-based and desktop applications accounting for 70% of incidents. In particular, content management systems (CMS) and utilities accounted for approximately 80% of web-hosted targets.
- 45.22% Web application attack
- 25.23% Application specific attack
- 21.27% Reconnaissance
Web Application Attacks
Globally, attacks were evenly distributed across CMS software, plugins and PHP web applications, with a significant focus on WordPress. WordPress was the most targeted CMS software with 36.10% in the Americas, 31.10% in APAC and 38.82% in EMEA. Rather than targeted campaigns, many attacks relied on exploits embedded in malware and botnets.
Banking Trojans and Cryptominers
Banking Trojans (48.97%) remained prominent but declined slightly from the previous year, while Cryptominers (15.48%) increased after a lull in 2021, despite the loss of value of many currencies. Such fluctuations are relatively common as industry partners, hosting providers and law enforcement work to disrupt and dismantle cyber threats and infrastructure, and as previously disrupted malware resurges.
High-Impact & Top Targeted Vulnerabilities
Attackers have been targeting high-impact vulnerabilities, with nearly 75% having critical or high severity CVSSv3 scores. Despite being widely known and publicized, the most targeted vulnerabilities continue to be exploited successfully. In 2022, three of the top five targeted CVEs were listed in the US Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities Catalog. This underscores existing gaps in vulnerability management, response, and visibility within organizations regarding their own attack surfaces.
Cybersecurity for Your Business
Understanding the threats is critical, but knowing how to protect your business or organization is just as important. You can take immediate action by implementing the following five recommendations, most of which involve enabling readily available features within your existing products.
- Enable multi-factor authentication.
- Monitor all malware.
- Review and test continuously.
- Disable unused plugins.
- Assess third-party vendor security.
SecurityBridge – Advanced Cybersecurity for SAP
Cyberattacks are increasing in frequency and severity, especially for companies that are not prepared to monitor and respond to threats. In fact, it has become a highly sensitive issue for companies with an SAP landscape, an essential part of the business that must be protected from any threat. SecurityBridge is the first and only holistic, natively integrated security platform that addresses all aspects of protecting organizations running SAP from internal and external threats to their core business applications.