2022 Global Threat Intelligence Report by NTT Security


The 2022 Global Threat Intelligence Report by NTT Security Holdings highlights several key trends and events in the cybersecurity landscape:

  1. Shift in Attacks to Critical Infrastructure and Supply Chains: The report indicates that attacks more than doubled in the technology, telecommunications, and transport and distribution sectors. This is largely due to the increased reliance on digital environments and remote working due to COVID-19 and digital transformation. The technology sector was the most targeted industry with 21% of all attacks, followed by finance (17%) and education (11%) (Page 6).
  2. Cloud Migration Shaping Global Attacks: As organizations migrate to cloud environments, attacks targeting platforms and network services have decreased. However, web-application (42%) and application-specific (30%) attacks continue to rise, accounting for 72% of all attacks (Page 7).
  3. Diversifying Target Scope and Attack Intensity: There was a 30% increase in hostile activity targeting clients, led by attacks against applications and network infrastructure, along with denial of service and brute-force attacks. The rate of attacks targeting all top three industries dropped, indicating a diversification of targets by threat actors (Page 8).
  4. Rise in Trojan Deployments and Botnet Re-emergence: Trojans accounted for 65% of malware in 2021, up from 35% in 2020. There was a 50% increase in detected malware led by Trojans and botnets during 2021. This indicates attackers’ desire to increase control over an environment by maintaining long-term persistence (Page 9).
  5. Ransomware Impacting Business Continuity: 24% of all incident response engagements with NTT’s Digital Forensics and Incident Response team in 2021 were related to ransomware, a 240% growth from 7% in 2019. This indicates that organizations are increasingly challenged in defending and responding to ransomware incidents (Page 10).
  6. Impact of Russia-Ukraine Conflict: The conflict between Russia and Ukraine has had significant impacts on the cybersecurity landscape, with cyber operations beginning much earlier than the physical invasion. The conflict has seen the use of various cyber threats including ransomware, malware, data wipers, phishing, and more. This conflict could set a precedent for how cyber operations will be leveraged for offense and to support traditional physical, economic, and diplomatic actions (Pages 11-13).