Connect with us

Trends

The evolving global cyber threat landscape directly from the frontlines

The global median dwell time––which is calculated as the median number of days an attacker is present in a target’s environment before being detected––decreased from 24 days in 2020 to 21 days in 2021. The APAC region saw the biggest decline in median dwell time, dropping to just 21 days in 2021 compared to 76 days in 2020. Median dwell time also fell in EMEA, down to 48 days in 2021 compared to 66 days the year before. In the Americas, median dwell time stayed steady at 17 days, according to a report by Mandiant, Inc.

In EMEA and APAC, the majority of intrusions in 2021 were identified by external third parties (62% and 76%, respectively), a reversal of what was observed in 2020. In the Americas, the detection by source remained constant with most intrusions detected internally by organizations themselves (60%).

Organizations’ improved threat visibility and response as well as the pervasiveness of ransomware––which has a significantly lower median dwell time than non-ransomware intrusions––are likely driving factors behind reduced median dwell time.

New Threats Emerge as China Ramps Up Espionage Activity
M-Trends 2022 also notes a realignment and retooling of China cyber espionage operations to align with the implementation of China’s 14th Five-Year Plan in 2021. The national-level priorities included in the plan “signal an upcoming increase in China-nexus actors conducting intrusion attempts against intellectual property or other strategically important economic concerns, as well as defense industry products and other dual-use technologies over the next few years.”

Strengthening Security Posture
Additional takeaways
Infection Vector: For the second year in a row, exploits remained the most frequently identified initial infection vector. In fact, of the incidents that Mandiant responded to during the reporting period, 37% started with the exploitation of a security vulnerability, as opposed to phishing, which accounted for only 11%. Supply chain compromises increased dramatically, from less than 1% in 2020 to 17% in 2021.

Target industries impacted: Business and professional services and financial were the top two industries targeted by adversaries (14%, respectively), followed by healthcare (11%), retail and hospitality (10%) and tech and government (both at 9%).

New Multifaceted Extortion and Ransomware TTPs: Mandiant observed multifaceted extortion and ransomware attackers using new tactics, techniques and procedures (TTPs) to deploy ransomware rapidly and efficiently throughout business environments, noting that the pervasive usage of virtualization infrastructure in corporate environments has made it a prime target for ransomware attackers.

Executive Quotes
“This year’s M-Trends report reveals fresh insight into how threat actors are evolving and using new techniques to gain access into target environments. While exploits continue to gain traction and remain the most frequently identified infection vector, the report notes a significant increase in supply chain attacks. Conversely, there was a noticeable drop in phishing this year, reflecting organizations’ improved awareness and ability to better detect and block these attempts. In light of the continued increased use of exploits as an initial compromise vector, organizations need to maintain focus on executing on security fundamentals––such as asset, risk and patch management.” – Jurgen Kutscher, Executive Vice President, Service Delivery, Mandiant

“Multifaceted extortion and ransomware continue to pose huge challenges for organizations of all sizes and across all industries, with this year’s M-Trends report noting a specific rise in attacks targeting virtualization infrastructure. The key to building resilience lies in preparation. Developing a robust preparedness plan and well-documented and tested recovery process can help organizations successfully navigate an attack and quickly return to normal business operations.” – Jurgen Kutscher, Executive Vice President, Service Delivery, Mandiant

“Chinese cyber espionage activity ramped up significantly in recent years, with Asia and the U.S. remaining the most targeted regions. This year’s M-Trends report notes a specific focus on government organizations as well as the use of the same malware families among multiple cyber espionage actor sets, likely due to resource and tool sharing by disparate groups. Further, with the implementation of China’s 14th Five-Year Plan in 2021, we expect to see cyber espionage activity continue to accelerate in support of China’s national security and economic interests over the next few years.” – Charles Carmakal, Senior Vice President and Chief Technology Officer, Mandiant

“Several trends from previous years continued into 2021. Mandiant encountered more threat groups than any previous period, to include newly discovered groups. In a parallel trend, in this period we began tracking more new malware families than ever before. Overall, this speaks to a threat landscape that continues to trend upward in volume and threat diversity. We also continue to witness financial gain be a primary motivation for observed attackers, as case studies this year on FIN12 and FIN13 highlight. If we pivot to the defender perspective, we see several improvements despite an incredibly challenging threat landscape. As one example, this M-Trends report has the lowest global media dwell time on record. Additionally, APAC and EMEA showed the largest improvements in several threat detection categories compared to previous years.” – Sandra Joyce, Executive Vice President, Mandiant Intelligence, Mandiant

CT Bureau

Click to comment

You must be logged in to post a comment Login

Leave a Reply

Copyright © 2024 Communications Today

error: Content is protected !!