cyber trends of mining among students who exploit unprotected infrastructures .
The cryptocurrency market is a prime example , with cryptominers accounting for a staggering 41 % of all detected malware in 2020 . XMRig coinminer was the most common variant , representing nearly 82 % of all coinminer activity and nearly 99 % in EMEA specifically .
Mark Thomas , who leads NTT ’ s Global Threat Intelligence Centre , said : “ On one hand you have threat actors taking advantage of a global disaster and on the other , cybercriminals capitalising on unprecedented market booms . The common thread throughout both of these situations is unpredictability and risk . Changes in operating models or adoption of new technologies present opportunities for malicious actors and with a surging cryptocurrency market popular among inexperienced students ; attacks were bound to happen . Now , as we enter a more stable phase of the pandemic , organisations and individuals alike must prioritise cybersecurity hygiene across all industries , including the supply chain .”
Further 2021 GTIR highlights :
• Attacks against manufacturing increased from 7 % last year to 22 %; healthcare increased from 7 % to 17 %; and finance is up from 15 % to 23 %.
• Organisations in multiple industries saw attacks related to the COVID-19 vaccine and associated supply chains .
• COVID-19 cybercriminal opportunism intensified , with groups such as the
Ozie Team , Agent Tesla and TA505 , along with nation-state actors like Vicious Panda , Mustang Panda and Cozy Bear being very active in 2020 .
• The most commonly occurring forms of malware in 2020 were miners : 41 %; trojans : 26 %; worms : 10 %; ransomware 6 %.
• Cryptominers dominated activity in Europe , the Middle East and Africa ( EMEA ) and the Americas but were relatively rare in Asia Pacific ( APAC ).
• OpenSSL was the most targeted technology in the Americas but was not even on the top 10 list in APAC .
• Ongoing fallout following the Schrems II decision invalidated the EU – US Privacy Shield and placed additional obligations on organisations transferring personal data from the EU to third countries .
• NTT ’ s research shows that 50 % of organisations globally are prioritising securing their cloud services – making it the top cybersecurity focus over the next 18 months .
Highlights for the Americas :
• OpenSSL was the most targeted technology in the Americas but was not even in the top 10 list in APAC .
• Business and professional services was the most attacked industry in the Americas , accounting for 26 % of all attacks .
• The US accounted for two of the highest rates of reconnaissance activity of any country analysed :
• Some 64 % of all hostile activity targeting the technology industry was some form of reconnaissance .
• In the education industry , 58 % of all hostile activity was reconnaissance .
• The Americas observed 8 % of all attacks as DoS / DDoS attacks , while these attacks accounted for under 4 % in APAC and 1 % in EMEA .
• With 34 % of all malware detections , XMRig was the most detected malware in the Americas and in the US .
Hightlights for APAC + ANZ :
• Malware varied greatly throughout APAC , but webshells , botnets and all forms of trojans combined to account for 72 % of all malware . While XMRig was the most commonly detected malware globally , no country in APAC showed XMRig in their top 10 most common malware .
• In APAC , finance ( 24 %) was the most attacked industry , followed by manufacturing ( 22 %).
• In ANZ , finance ( 42 %) accounted for almost half of all attacks , followed by education ( 24 %).
• Healthcare industry maturity was severely lacking in APAC and AU at 0.60 and 0.96 , being below the global average of 1.02 . The largest gap was APAC with 2.53 to target state .
• The technology sector ( 2.02 ) was more mature than the global average ( 1.64 ).
Methodology for the report
The 2021 Global Threat Intelligence Report contains global attack data gathered from January 1 2020 to December 31 2020 .
The analysis is based on log , event , attack , incident and vulnerability data from clients as well as from NTT ’ s global honeypot network . The report includes data from supported operating organisations including NTT ’ s Cybersecurity Advisory and WhiteHat Security , along with global primary research . u www . intelligentciso . com
21