FireEye, an intelligence-led security company, released its Mandiant M-Trends 2019 report earlier in March. The report shares statistics and insights gleaned from investigations that Mandiant, a FireEye cybersecurity company, conducted around the globe in 2018. Key findings include:
Dwell time decreasing as organizations improve detection capabilities – In 2017, the median duration between the start of an intrusion and the identification by an internal team was 57.5 days. In 2018 this duration decreased to 50.5 days. While organizations are getting better and faster at discovering breaches internally, rather than being notified by an outside source such as law enforcement, there is also a rise in disruptive, ransom, or otherwise immediately visible attacks. The global median dwell time before any detection – external or internal – has also decreased by almost one month – going from 101 days in 2017 to 78 days in 2018. The same measurement was as high as 416 days back in 2011.
Nation-state threat actors are continuing to evolve and change – Through ongoing tracking of threat actors from North Korea, Russia, China, Iran, and other countries, FireEye has observed these actors continually enhancing their capabilities and changing their targets in alignment with their political and economic agendas. Significant investments have provided these actors with more sophisticated tactics, tools, and procedures, with some becoming more aggressive, and others better at hiding and staying persistent for longer periods of time.
Attackers are becoming increasingly persistent – FireEye data provides evidence that organizations which have been victims of a targeted compromise are likely to be targeted again. Global data from 2018 found that 64 percent of all FireEye managed detection and response customers who were previously Mandiant incident response clients were targeted again in the past 19 months by the same or similarly motivated attack group, up from 56 percent in 2017.
Many attack vectors used to get to targets, including M&A activity – Attacker activity touches countries across the globe. Among them, FireEye observed an increase in compromises through phishing attacks during mergers & acquisitions (M&A) activity. Attackers are also targeting data in the cloud, including cloud providers, telecoms, and other service providers, in addition to re-targeting past victim organizations.
“In 2018, FireEye saw organizations respond faster to breaches than ever before, but we’ve also seen attackers become increasingly sophisticated as they adopt new methods,” said Jurgen Kutscher, Executive Vice President of Service Delivery at FireEye. “Our 2019 M-Trends report shows that no industry is safe from these threats, which is why it is positive to see breach response times improving across the board. However, most attackers only need a few days inside an organization to cause costly damage so the battle on the front lines of cyber-attacks will continue for the foreseeable future.”
Matt De Reno is SAE MOBILUS web portal manager at SAE International. His interests include automated and connected vehicles, micromobility, smart cities, and automotive cybersecurity.