Every year Mandiant responds to a large number of
cyber attacks, and 2016 was no exception. For our M-Trends 2017 report, we took a look at
the incidents we investigated last year and provided a global and
regional (the Americas, APAC and EMEA) analysis focused on attack
trends, and defensive and emerging trends.

When it comes to attack trends, we’re seeing a much higher degree of
sophistication than ever before. Nation-states continue to set a high
bar for sophisticated cyber attacks, but some financial threat actors
have caught up to the point where we no longer see the line separating
the two. These groups have greatly upped their game and are thinking
outside the box as well. One unexpected tactic we observed is
attackers calling targets directly, showing us that they have become

While there has been a marked acceleration of both the
aggressiveness and sophistication of cyber attacks, defensive
capabilities have been slower to evolve. We have observed that a
majority of both victim organizations and those working diligently on
defensive improvements are still lacking adequate fundamental security
controls and capabilities to either prevent breaches or to minimize
the damages and consequences of an inevitable compromise.

Fortunately, we’re seeing that organizations are becoming better at
identifying breaches. The global median time from compromise to
discovery has dropped significantly from 146 days in 2015 to 99 days
in 2016, but it’s still not good enough. As we noted in M-Trends
2016, Mandiant’s Red Team can obtain access to domain
administrator credentials within roughly three days of gaining initial
access to an environment, so 99 days is still 96 days too long.

We strongly recommend that organizations adopt a posture of
continuous cyber security, risk evaluation and adaptive defense or
they risk having significant gaps in both fundamental security
controls and – more critically – visibility and detection of targeted attacks.

On top of our analysis of recent trends, M-Trends 2017
contains insights from our FireEye as a Service (FaaS) teams for the
second consecutive year. FaaS monitors organizations 24/7, which gives
them a unique perspective into the current threat landscape.
Additionally, this year we partnered with law firm DLA Piper for a
discussion of the upcoming changes in EMEA data protection laws.

This is a Security Bloggers Network syndicated blog post authored by Nick Harbour. Read the original post at: Threat Research Blog