NTT/Solutionary Global Threat Intelligence Report (GTIR)
Solutionary (which is now part of the NTT Group) provides managed security services to their global customers. Because their Solutionary Security Engineering Research Team (SERT)is watching over the security for many organizations, it gives them a unique perspective of the state of Internet security. NTT Group 2014 Global Threat Intelligence Report (GTIR) came out earlier in 2014 and covers attacks seen in 2013. In case you are curious you can also look at their SERT Quarterly Threat Intelligence Report from Q3 2013.
The GTIR described how "good enough" security by organizations is not sufficient to keep up with the quick and nimble responsiveness of well-funded attackers. This report also commented on the well-known fact of the erosion of the traditional enterprise security perimeter and a need for enterprises to deploy a diverse and layered security strategy that involves the end-user and their BYOD systems. The GTIR discussed how application-layer attacks are the norm, but DDoS attacks and botnet activity account for many of the security incidents. This report also confirmed the other reports in citing that the greatest number of attack sources and botnet C&C systems like ZeroAccess Supernodes are found within the United States. The GTIR also has several realistic case studies for the various attack types highlighted.
FireEye Advanced Threat Report & Mandiant M-Trends Report
FireEye is a manufacturer of perimeter-based adaptive threat defense systems that focus on preventing malware from being received over web, e-mail or through file transfers. FireEye's system leverages their virtual-machine detection Multi-Vector Virtual Execution (MVX) technology that uses a sandbox and signature-detection methods to detect and prevent malware infections. FireEye has published their Advanced Threat Report for several years and their most recent 2013 edition is available for download.
Now that FireEye has acquired Mandiant and the knowledge team lead by Richard Bejtlich (longtime security researcher and author of many fantastic security books), their combined research has produced improved security guidance. The security reports are created by the FireEye/Mandiant Intel team. Mandiant has historically published their M-Trends report and their M-Trends 2013: Attack the Security Gap report.
The FireEye report corroborated other reports that showed that APTs and malware most frequently targeted the U.S. and that Java exploits were popular. The M-Trends report confirmed that the number of days that networks were compromised was well over 200 and that attackers leveraged malware propagation, drive-by downloads, and business partner networks to infiltrate organizations. The M-Trends report also covered how adept attackers are getting at external and internal reconnaissance of their victims. We should soon expect new and improved combined versions of these reports to be published with data from 2014.
Check Point 2014 Internet Security Report
Check Point has published annual security reports for several years now. Their latest report is their2014 Security Report which covers security trends observed in 2013 by their security researchers and by their ThreatCloud system. This report, like the others listed here, recognized the transition of malware attacks to political and ideological hacktivism, state-sponsored industrial espionage, the increased appearance of ransomware, advanced APTs, and DNS packet amplification DDoS attacks. Check Point, therefore, recommends that more organizations utilize improved AV software, better URL filtering, anti-bot mitigation, malware detection/prevention systems that perform emulation, sandboxing, and have capabilities to disarm the malware at various points along the "Kill Chain". The security report also discussed the risks related to the use of web anonymizers, file sharing and storage services, social media applications, and Remote Administration Tools (RATs). The report also talked about the data loss experience by high-profile companies and discussed, like other reports listed here, that there are many more incidents of data loss that go unreported.
Sign up for CIO Asia eNewsletters.