Cyber attacks from US-based IP addresses have increased for the third consecutive year, making the US a major source of hostile cyber activity. That’s according to the NTT 2016 Global Threat Intelligence Report published recently. The annual Report contains security threats gathered during 2015 from 8,000 clients of the NTT Group security companies including Dimension Data, Solutionary, NTT Com Security, NTT R&D, and NTT Innovation Institute (NTTi3). This year’s data is based on 3.5 trillion security logs and 6.2 billion attacks. Data is also gathered from 24 Security Operations Centres and seven research and development centres of the NTT Group. During 2013, 49% of cyber attacks on IP addresses originated from within the US, and that number increased to 56% in 2014. In 2015, this number increased to a startling 65% across 217 countries that detected attacks.
Matthew Gyde, Dimension Data’s Group Executive – Security says, “The US serves as a major source of hostile activity, due to the ease of provisioning and low cost of US cloud hosting services. While the source IP address is based in the US, the actual attacker could be anywhere in the world. Because of the ease with which attackers can disguise their IP addresses, attack sources can often be more indicative of the country in which the target is located, or perhaps of where the attacker is able to compromise or lease servers, rather than where the attack actually originates. Because a significant number of the detected attacks target US organisations, so attackers often host such attacks locally in the same geographic region as their victims. This reduces the likelihood that they’ll experience potential geolocation blocking or alerting,” explains Gyde, and points out that the data is derived from correlated log events identifying validated attacks that took place in 2015.
China, which was the source of the second-largest number of attacks (9%) in the 2014, accounted for only 4% of attacks in 2015. Australia, which was in third place in 2014, dropped to eleventh spot (1%) as a source of attacks in 2015.
Meanwhile, the UK became the number one source of non-US based cyberattacks in 2015: the number of attacks from addresses based in the UK rose slightly from 3% in 2014, to 5% 2015, making the country the primary source of non US-based attacks.
Other highlights in the report include:
- Organisations in the retail sector experienced nearly three times more attacks as those in the financial sector which topped the list of cyberattacks in the 2015 report. In 2015, cyberattacks on the financial industry dropped to fourteenth position.
- Similar to the retail sector, the hospitality, leisure, and entertainment sector also processed high volumes of sensitive information including credit card data. Transactions in the hospitality sector, which includes hotels and resorts, tend to be sizable, which can make those card numbers attractive to attackers.
- Cybercriminals are adopting low-cost, highly available, and geographically strategic infrastructure to perpetrate malicious activities. This can be seen by the increase in US-sourced attacks leveraging cloud infrastructure.