A new report reveals that 77% of all detected ransomware globally was in four main sectors – business & professional services (28%), government (19%), health care (15%) and retail (15%).

The 2017 Global Threat Intelligence Report (GTIR) by NTT Security also found that phishing attacks were responsible for nearly three-quarters (73%) of all malware delivered to organizations, with government (65%) and business & professional services (25%) as the industry sectors most likely to be attacked at a global level. When it comes to attacks by country, the U.S. (41%), Netherlands (38%) and France (5%) were the top three sources of phishing attacks.

The report also reveals that just 25 passwords accounted for nearly 33% of all authentication attempts against NTT Security honeypots last year. More than 76% of log on attempts included a password known to be implemented in the Mirai botnet – a botnet comprised of IoT devices, which was used to conduct, what were at the time, the largest ever distributed denial of service (DDoS) attacks.

DDoS attacks represented less than 6% of attacks globally, but accounted for more than 16% of all attacks from Asia and 23% of all attacks from Australia.

Finance was the most commonly attacked industry globally, subject to 14% of all attacks. The finance sector was the only sector to appear in the top three across all of the geographic regions analysed, while manufacturing appeared in the top three in five of the six regions. Finance (14%), government (14%) and manufacturing (13%) were the top three most commonly attacked industry sectors.

Summary of other key global findings:

Top attack source countries: United States (63%), United Kingdom (4%), China (3%)

  • 32% of organizations had a formal incident response plan up from an average of 23% in previous years.
  • 59% of all incident response engagements were in the top four industries – health care (17%), finance (16%), business and professional services (14%), and retail (12%).
  • More than 60% of incident response engagements were related to phishing attacks.
  • Incident engagements related to ransomware were the most common incidents (22%).
  • 56% of all incidents in finance organizations were related to malware.
  • 50% of all incidents in health care organizations were related to ransomware incidents.