FireEye, the intelligence-led security company, has released the Mandiant M-Trends 2019 Report. The report shares statistics and insights gleaned from Mandiant investigations around the globe in 2018.
Key findings include:
- Dwell time decreasing as organisations improve detection capabilities – In 2017, the median duration between the start of an intrusion and its identification by an internal team was 57.5 days. In 2018, this duration decreased to 50.5 days. While organisations are getting better and faster at discovering breaches internally, rather than being notified by an outside source such as law enforcement, there is also a rise in disruptive, ransom, or otherwise immediately visible attacks. The global median dwell time before any detection, external or internal, has also decreased by more than a month – going from 101 days in 2017 to 78 days in 2018. The same measurement was as high as 416 days back in 2011.
- Nation-state threat actors are continuing to evolve and change – Through ongoing tracking of threat actors from North Korea, Russia, China, Iran, and other countries, FireEye has observed these actors continually enhancing their capabilities and changing their targets in alignment with their political and economic agendas. Significant investments have provided these actors with more sophisticated tactics, tools, and procedures, with some becoming more aggressive, and others better at hiding and staying persistent for longer periods of time.
- Attackers are becoming increasingly persistent – FireEye data provides evidence that organisations which have been victims of a targeted compromise are likely to be targeted again. Global data from 2018 found that 64% of all FireEye managed detection and response customers who were previously Mandiant incident response clients were targeted again in the past 19 months by the same or similarly motivated attack group, up from 56% in 2017.
- Many attack vectors used to get to targets, including M&A activity – Attacker activity touches countries across the globe. Among them, FireEye observed an increase in compromises through phishing attacks during mergers and acquisitions (M&A) activity. Attackers are also targeting data in the cloud, including cloud providers, telecoms, and other service providers, in addition to re-targeting past victim organisations.
“In 2018, FireEye saw organisations respond faster to breaches than ever before, but we’ve also seen attackers become increasingly sophisticated as they adopt new methods,” said Jurgen Kutscher, Executive Vice President of Service Delivery at FireEye.
“Our 2019 M-Trends report shows that no industry is safe from these threats, which is why it is positive to see breach response times improving across the board. However, most attackers only need a few days inside an organisation to cause costly damage so the battle on the front lines of cyber-attacks will continue for the foreseeable future.”
A full copy of the 10th annual Mandiant M-Trends report is available for download.