While “large impactful [cyber] incidents” are on the rise, there are fewer “high-profile public disclosures,” according to FireEye’s M-Trends 2019 Report, which is based on FireEye Mandiant’s investigations of the most interesting and impactful cyberattacks of 2018.
Cyberattacks and data breaches seem to be in the news nearly every day. However, FireEye said that the answer to the question “As an industry, are we getting better at detecting threat actors?” is “a big yes.” To back that answer up, FireEye explained that from Oct. 1, 2017, to Sept. 30, 2018, the global median dwell time – the amount of time cyberattackers are able to operate before being detected – was 78 days, down from 101 days in the last report.
The report noted that “On the surface, not much has changed over the past 10 years. 2018 was much like 2017, and 2017 like the preceding years.” However, when digging deeper into the data, trends and changes from year to year do emerge. FireEye noted two major trends from 2018:
- An increase in extortion incidents, relying on cryptocurrencies for anonymity
- A significant increase in public attribution performed by governments. FireEye noted that in recent years there has been a “significant” increase in public sector attribution of attack activity. However, the past year saw a “significant number of attacks publicly attributed by way of indictments from the U.S., U.K., Netherlands, and Germany … Governments have not changed their operational rules of engagement, but they are combating threats publicly through indictments.”
- Attackers are moving to the cloud. As software-as-a-service and cloud computing become more prevalent, cybercriminals are following the data. “Attacks against cloud providers, telecoms, and other organizations with access to large amounts of data have increased,” the report noted.
While those were the two primary trends, FireEye also noted some lower-level trends in 2018:
- Evolving APT activity in various global regions.
- Increased phishing risks during corporate mergers and acquisitions.
- Retargeted attacks are on the rise. If a company was the victim of a previous attack or data breach, it is much more likely to be a victim of another. In 2018, FireEye found that of its clients from a previous incident, 64 percent were the victim of another attack in 19 months, an increase from 56 percent in 2017. “This data further substantiates the fact that if you’ve been breached, you are much more likely to be targeted again and possibly suffer another,” the report noted.
- A better understanding of what defensive measures organizations need to take to defend against cyberattacks, including general posturing, privileged account management, Active Directory hardening, and endpoint hardening.