Story image

Cyber crims ditch financial markets, set sights on retail sector

21 Apr 2016

Cyber criminals have shifted their focus from traditional financial markets to the retail sector, according to new research published in the annual NTT 2016 Global Threat Intelligence Report.

Retail organisations experienced nearly three times as many cyber attacks as those in the finance sector, which was top of the list of cyber attacks on organisations in the 2015 report.

Cyber attacks on the financial industry dropped significantly to fourteenth position, the report found. The retail sector, on the other hand, was the most targeted industry, topping the list with just under 11% of all cyber security attacks in this year’s report, knocking the finance sector out of first place. 

Matthew Gyde, Dimension Data group executive - security, says, “The retail and financial sectors process large volumes of personal information and credit card data. Gaining access to these organisations enables cyber criminals to monetise sensitive data such as credit card details in the black market, which validates that cyber criminals are motivated by the rewards of financial crime.”

Mark Thomas, Dimension Data group cyber security strategist, added, “To put it simply, cyber attackers are adapting. While it is credit card data and personal information cyber criminals are after, it is far more viable to penetrate the defences of organisations which have less robust security programmes. The retail industry has not been as cognisant of the threats, and offers attackers an easier avenue to steal the same information, with much less work.” 

Other highlights in the NTT 2016 Global Threat Intelligence Report include:

  • 65% of attacks originated from IP addresses within the US. However, these attackers could be located anywhere in the world. Cyber criminals are adopting low-cost, highly available, and geographically strategic infrastructure to perpetrate malicious activities.
  • Cyber criminals are increasingly leveraging malware to breach the perimeter defences of organisations. In 2015 there was an 18% increase in malware across all industries, excluding the education sector.
  • The frequency and complexity of malware is becoming more stealthy and sophisticated: while organisations are developing sandboxes to better understand cybercriminals’ tactics to protect themselves from attacks, at the same time, malware developers are aggressively developing anti-sandbox techniques.
  • Analysis of honeynet attacks in organisations reveals that attackers are making use of telcos and hosting providers to conduct their operations.

NTT’s annual Global Threat Intelligence Report contains security threats gathered during 2015 from 8,000 clients of NTT Group security companies including Dimension Data, Solutionary, NTT Com Security, NTT R&D, and NTT Innovation Institute (NTTi3). This year’s data is based on 3.5 trillion security logs and 6.2 billion attacks. Data is also gathered from 24 Security Operations Centres and seven research and development centres of the NTT Group.

GitHub launches fund to sponsor open source developers
In addition to GitHub Sponsors, GitHub is launching the GitHub Sponsors, GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.
Check Point announces integration with Microsoft Azure
The integration of Check Point’s advanced policy enforcement capabilities with Microsoft AIP’s file classification and protection features enables enterprises to keep their business data and IP secure, irrespective of how it is shared. 
Why AI will be procurement’s greatest ally
"AI can help identify emerging suppliers, technologies and products in specific categories."
Are AI assistants teaching girls to be servants?
Have you ever interacted with a virtual assistant that has a female-based voice or look, and wondered whether there are implicitly harmful gender biases built into its code?
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
Data#3 to exclusively provide MS licences to WA Government
The technology services provider has won two contracts with the Western Australia Government, becoming its sole Microsoft licence provider.
Why cash is no longer king in Australia
Australia is leading the way in APAC for granting credit on B2B transactions.