The first quarter of 2017 saw an upward trend in attacks, with the threat landscape increasing dramatically in the third week of February and through March, according to eSentire analysis.
Between January 1 and March 31, the eSentire SOC detected nearly 4 million attacks across multiple industries, with finance, technology, legal, mining and retail seeing the most activity.
Scanning/information gathering and intrusion attempts dominated the data trends; together, they represented 75% of signals for Q1, with malicious code trailing at 11%. Scanning events were particularly active in the month of March, nearly doubling. This made it the dominant threat type in Q1 when compared to 2016, when intrusion attempts were most prominent.
“These changes in threat type volume indicate an increase in information-gathering as attackers regroup to determine the best methods of attack going forward,” the firm said in the report.
March also saw an increase in the use of malicious code, while denial-of-service attacks saw a slight decline.
“As exploitation becomes more costly for attackers, analysts are observing a gradual transition to tactics that rely on social engineering,” eSentire said. “This includes phishing, spam and webpages that manipulate users into installing malware on their computer or divulging confidential information.”
Interestingly, analysis of weekday threat activity suggests that some threat activity is comprised of business models that respect the traditional work week, indicating an organization or structured threat actor. Malicious code was particularly active Tuesday through Thursday, and scanning and fraud both saw reduced activity during the weekends. Intrusion attempts and DDoS seem to have no clear weekday preference.