Report: EMEA is top source of phishing attacks globally

Nearly all malware globally was delivered to its victims through a phishing attack, the 2017 Global Threat Intelligence Report found.

The Global Threat Intelligence Report (GTIR), published by specialised security company NTT Security, highlights the latest ransomware, phishing, and DDoS attack trends, as well as the impact of these threats against organisations. With visibility into 40 percent of the world’s internet traffic, NTT Security summarises data from over 3.5 trillion logs and 6.2 billion attacks for the GTIR. Analysis is based on log, event, attack, incident, and vulnerability data. It also includes details from NTT Security research sources, including global honeypots and sandboxes in over 100 different countries in environments independent from institutional infrastructures.

According to the GTIR, the data shows that nearly 73 percent of all malware globally was delivered to its victims through a phishing attack. Phishing is a term used to describe when employees are tricked into opening an infected e-mail attachment or browsing to a malicious web site disguised as a trusted destination.

Over half (53 percent) of the world’s phishing attacks originated in Europe, the Middle East, and Africa (EMEA). Analysing global threat trends from 1 Oct 2015 through 31 Sept 2016, the report also shows that of all phishing attacks worldwide, 38 percent came from the Netherlands, second only to the United States (41 percent).

The report also found that over 67 percent of malware detected within EMEA was some form of Trojan. Top services used in attacks against EMEA included file shares (45 percent), websites (32 percent), and remote administration (17 percent).

The United Kingdom was the third most common source of attack, behind the United States (26 percent) and France (11 percent). In terms of top attack source countries globally, the United Kingdom was second only to the United States (63 percent) accounting for four percent of all attacks, just behind China with three percent.

The report reveals that some of the biggest regional differences related to brute-force attacks, commonly used to crack passwords. Of all brute force attacks globally, 45 percent started in EMEA—more than the Americas (20 percent) and Asia (7 percent) combined. In addition, 45 percent of brute force attacks that targeted EMEA customers also started in the region.

“While phishing attacks affected organisations everywhere, EMEA unfortunately emerged as the top region for the source of these attacks,” said Dave Polton, Global Director of Innovation at NTT Security. “These figures, combined with those for brute force attacks, should be of very serious concern for any organisation doing business in EMEA, especially with the EU General Data Protection Regulation (GDPR) just around the corner.”

“Any organisation processing data belonging to EU citizens need to demonstrate that their information security strategy is robust,” Polton added. He said more active collaboration between business, government, and law enforcement agencies is needed to tackle global threats and to ensure measures are in place that will have a long-lasting impact on global security.

Another key finding from the report revealed that 54 percent of all attacks in EMEA targeted three industry sectors: finance (20 percent), manufacturing (17 percent), and retail (17 percent).

“[D]efining an acceptable level of risk is important,” said Frank Brandenburg, chief operating officer and regional CEO, NTT Security. “Clients are starting to understand that by default every employee is part of their organisation’s security team, and businesses are now seeing the value in security-awareness training, knowing that educating the end-user is directly connected to securing their enterprise.”

“Expanding cyber education and ensuring employees adhere to a common methodology, set of practices, and mind set are key elements,” Brandenburg added. “Clients see that assisting and coaching their employees (end users) on the proper usage of technology will only enhance the organisation’s overall security presence.”