What have incident responders observed and learned from cyber attacks
in 2017? Just as in prior years, we have continued to see the cyber
security threat landscape evolve. Over the past twelve months we have
observed a number of new trends and changes to attacks, but we have
also seen how certain trends and predictions from the past have been
confirmed or even reconfirmed.
Our 9th edition of M-Trends draws upon the findings of one year of incident
response investigations across the globe. This data provides us with
insights into the evolution of nation-state sponsored threat actors,
new threat groups, and new trends and attacker techniques we have
observed during our investigations. We also compare this data to past
observations from prior M-Trends reports and continue our tradition of
reporting on key metrics and their development over time.
Some of the topics we cover in the 2018 M-Trends report include:
- How the global median time from compromise to internal discovery has
dropped from 80 days in 2016 to 57.5 in 2017.
- The increase of attacks originating from threat actors sponsored by Iran.
- about attacks that have retargeted or even recompromised prior
victim organizations, a topic we previously discussed in our 2013
edition of M-Trends.
- The widening cyber security skills gap
and the rising demand for skilled personnel capable of meeting the
challenges posed by today’s more sophisticated threat actors.
- Frequently observed areas of weakness in security programs and
their relation to security incidents.
- Observations and lessons we have learned from our red teaming
exercises about the effectiveness and gaps of common security controls.
By sharing this report with the security community, we continue our
tradition of providing security professionals with insights and
knowledge gained from recent breaches. We hope that you find this
report useful in your work to strengthen your security posture and
defend against ever-evolving threats.
This is a Security Bloggers Network syndicated blog post authored by Nick Harbour. Read the original post at: Threat Research Blog