Security Experts:

Europe Emerges as Major Source of Cyber Attacks: Reports

Europe And Especially UK Are Now Major Originators of Cyber Attacks, Reports Show

With 73% of all malware being delivered by phishing, it remains the attackers' primary attack methodology. Thirty percent of all detected attacks targeted end-user applications; the most common of which are Flash, Internet Explorer and Silverlight. The Netherlands is second only to the US as the top source of global of phishing attacks, and the UK is second only to the US as the source of all global cyber attacks.

These details come from the NTT Security 2017 Global Threat Intelligence Report (GTIR: PDF). NTT has visibility into 40% of the world's internet traffic, and the report analyzes data from over 3.5 trillion logs and 6.2 billion attacks.

It shows that more than half (53%) of the world's phishing attacks originate from EMEA countries. The Netherlands alone accounts for 38% of global phishing attacks, second only to the US at 41%.

"You have to consider that the driving force behind a large number of these attacks is likely to be an established, sophisticated criminal organization," Dave Polton, global director of innovation at NTT Security told SecurityWeek. "As with any organization, when you are attempting to build a service, you want to build it upon the fastest and most resilient architecture that you can.

Cybercrime in Europe"Particular areas of EMEA and especially the Netherlands," he continued, "are known for having internet networks that are fast and reliable, coupled with the fact that the Amsterdam internet exchange (AMS-IX) is one of the busiest in the world (second to the German Commercial Internet Exchange and just above London's internet exchange) it is understandable that cybercriminals would want to use these locations as a source of an attack."

The UK is the third most common source of attacks against other EMEA, and is second only to the US as the primary source of all global attacks. This was also confirmed by last week's ThreatMetrix Cybercrime Report for Q1, 2017, which noted that the UK is now one of the world's largest attack originators.

This raises the question over whether the UK's recent major cyber legislation -- the Digital Economy Act and especially the Investigatory Powers Act -- might improve matters in the future. The IP Act, for example, requires communication service providers (CSPs) to retain UK internet users' "Internet connection records" for one year, requires CSPs to assist with targeted interceptions, and allows police, intelligence officers and a range of other government department managers to see the users' Internet connection records without a warrant.

But Sean Sullivan, F-Secure security advisor, does not believe the new laws will affect the UK's rise as an attack source. "The sort of people that carry out hacking campaigns," he told SecurityWeek, "are not (based on my research) deterred by the current state of law enforcement powers. For example; the gunman involved in the Paris nightclub shootings reportedly used rather standard phones and communicated via SMS. Technology wasn't really a big factor."

Rather, he suspects, "If there's an increase in the UK as a source, the cause is undoubtedly political/social -- and nothing to do with surveillance powers. Are they likely to decrease? Probably not due to IP Act powers. The UK's surveillance powers will be useful in a reactive way, to investigate after the fact. I do not think they will prevent."

EMEA as a region also emerges as the primary originator of the brute force attacks commonly used to crack credentials. Forty-five percent originate from EMEA; far more than the Americas (20%) and Asia (7%) 

"While phishing attacks affected organizations everywhere, EMEA unfortunately emerged as the top region for the source of these attacks. These figures, combined with those for brute force attacks, should be of very serious concern for any organization doing business in EMEA, especially with the EU General Data Protection Regulation (GDPR) just around the corner. Any organization processing data belonging to EU citizens needs to demonstrate that their information security strategy is robust," comments Polton. 

It is worth noting that users still employ weak and common passwords. NTT found that just 25 different passwords accounted for nearly 33% of all authentication attempts against NTT Security honeypots. NTT employs honeypots and sandboxes in over 100 different countries in environments independent from institutional infrastructures. 

Polton is calling for more active collaboration between business, government and law enforcement agencies to tackle global threats -- a feature that is likely to figure in President Trump's upcoming cybersecurity executive order.

Other details emerging from NTT's GTIR show that 77% of all detected ransomware was concentrated in four industries: business and professional services (28%), government (19%), healthcare (15%), and retail (15%).

Overall, the finance industry remains the most targeted sector, figuring within the top three most attacked industries in all six of the geographical regions analyzed. Manufacturing is the second most popular target; but no other industry appeared in the top three for more than two regions.

In the Americas (comprising both North and South America), the top three targets were manufacturing (23%), Education (20%) and finance (15%). NTT also notes that "the Americas have received a significant amount of attention from Business Email Compromise (BEC) attacks; sometimes called CEO fraud. BEC attacks were the second most common type of phishing attack which NTT Security supported with incident response engagements both globally, and in the Americas specifically."

NTT warns that the sophistication of attack techniques from well-financed, skilled and patient adversaries continues to grow even as the attack surface expands.

"We have more data than ever before as the number of connected devices increases daily," comments Mike Hrabik, US CTO and Regional CEO for NTT Security. "Organizations and end users benefit from innovation in IoT, OT, cloud, automation, mobile, and other forms of modernization. These innovations only increase challenges to secure this interconnected and expanding attack surface."

In particular, NTT notes that "IoT and OT technology are advancing at an explosive rate. NTT Security believes this newer breed of technology will taunt security practitioners for many years to come."

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.