FireEye, the leader at stopping today’s advanced cyber attacks, has announced the release of the sixth annual Mandiant M-Trends report. Compiled from advanced threat investigations conducted by Mandiant’s leading consultants in 2014, “M-Trends 2015: A View from the Front Lines” details trends and novel tactics employed by threat actors to compromise the world’s leading businesses and steal data.
“As the events of 2014 demonstrated, there is no such thing as perfect security,” said Kevin Mandia, SVP and COO, FireEye. “Based on the incidents that Mandiant investigated in 2014, threat actors have continued to evolve, up their game, and utilise new tools and tactics to compromise organisations, steal data and cover their tracks.”
Some of the report’s key findings include:
- The time it takes organisations to discover compromises continues to drop.
The median number of days attackers were present on a victim’s network before being discovered dropped to 205 days in 2014 from 229 in 2013 and 243 in 2012; however, breaches can go undetected for years. In an extreme case, one organisation that Mandiant responded to in 2014 had unknowingly been breached for over eight years.
- It is becoming more and more difficult for organisations to detect breaches on their own.
In 2014, only 31% of organisations discovered they were breached via their own resources – down from 33% in 2013 and 37% in 2012.
- A common thread in major retail breaches last year.
Mandiant’s investigations of attacks on retailers in 2014 revealed a common security weakness across many of them: retailers thought their virtual machines were sufficiently secured but did not implement two-factor authentication, allowing a single stolen user credential to make their entire networks vulnerable.
- Impersonating the IT department has become an even more popular tactic for threat actors.
IT-posing phishing emails comprised 78% of observed phishing schemes we saw in 2014 versus just 44% in 2013.
- A rise in e-commerce attacks in countries that utilise the chip-and-pin (EMV) security technology for credit cards.
We responded to more compromises of e-commerce companies and payment processors in countries that use chip-and-pin than we have in the past, suggesting increasing threats for e-commerce businesses in the U.S. as the nation begins to adopt the technology.
- Attackers are becoming smarter about hiding in the most complex parts of the operating system.
Just as they are also getting smarter about accessing the most complex parts of hardware, Mandiant saw more attackers utilize several complex tactics, including using Windows Management Instrumentation to avoid detection and carry out broad commands on a system.
About FireEye, Inc.
FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 3,100 customers across 67 countries, including over 200 of the Fortune 500.