2019年第四季度网络安全威胁论报告（英文版）.pdf

ptsecurity Cybersecurity threatscape Q4 2019Contents Symbols used 3 Executive summary 4 Statistics 5 Attack number 8 Attack methods 9 Malware use 9 Social engineering 10 Hacking 11 Web attacks 11 Credential compromise 12 Victim categories 13 Government 14 Industrial companies 17 Financial institutions 19 IT 21 Retail 22 What companies can do to stay safe 25 How vendors can secure their products 26 How users can avoid falling victim 27 About the research 28 Group profiles 29 2Symbols used Attack targets Computers, servers, and network equipment Web resources Humans POS terminals and ATMs Mobile devices IoT Attack methods Malware use Credential compromise Social engineering Hacking Web attacks Victim categories Finance Government Healthcare Science and education Military Industrial companies Online services Hospitality and entertainment Transportation IT Retail Individuals Telecom Blockchain Other 3Executive summary Highlights of Q4 2019 include: Unique cyberincidents are growing, with a 12-percent increase in their number compared to the previous quarter. The share of targeted attacks increased by 2 percentage points versus the previous quarter, to 67 percent. This is due to a large number of APT attacks against individual organizations and entire industries. There were 11 very active groups. Their attacks targeted mostly government institutions, industry, and finance. Payment card information comprised a third of all data stolen from organizations (32%). This is 25 percentage points more than in the previous quarter. We believe the reason for this increase to be two-fold: the busy winter holiday purchasing season, plus the progressively growing number of MageCart attacks coupled with the second wave of attacks on Click2Gov. Ransomware attacks are highly dangerous. The share of such attacks among malware infections was 36 percent for organizations and 17 percent for individuals (in the previous quarter, these were 27% and 7%, respectively). A new trend in ransomware is to publish the stolen information if the victim refuses to pay up. We believe this is because more and more companies back up their data and have no need to pay for decryption. Malefactors are adjusting accordingly, and now threaten their victims with all the potential consequences of disclosure of personal data, which is subject to the protections of the European Unions General Data Protection Regulation (GDPR). 4