Mandiant reveals ransomware attacks as a secondary source of income
FireEye, the world leader in data-based security, has released the results of its 2020 annual cyber security report, Mandiant® M-Trends®. The report includes statistics and an overview of Mandiant's investigations around the world in 2019.
Mandiant reports the following key results:
Companies find and contain attacks faster:
The report's findings indicate a significant drop in the average global dwell time, measured from the start of an intrusion, to 56 days, compared with the 78 days reported in last year's report, a decrease of 28%.
Mandiant's experts attribute this decrease to investments in improved detection, as well as to changes in attacker behavior, for example the continued growth of disruptive attacks such as ransomware and cryptocurrency mining, which often take less time than other attacks. Internal and external detection times have also generally decreased.
- Average dwell time for intrusions reported by an external party: 141 days, 23% lower than the 184 days previously reported.
- Average time for an organization to detect an intrusion itself: 30 days, a 40% decrease from the previous year's 50.5 days. Although the internal detection period has improved significantly, the internal clearing period has been reduced by 12%. The investigation takes another 700 days.
Internal detections are at their lowest level in four years:
Alongside the reduction in the time to resolve intrusions discovered by the organization itself, the percentage of self-discovered security incidents decreased compared with those detected by external sources.
After the steady growth in internal detections observed since 2011, the share of internally detected incidents decreased by 12% within one year.
On the other hand, 2019 was the first time in four years that external notifications, in which an outside party informs an organization that it has been compromised, exceeded the number of internal detections.
This change can be attributed to several factors, for example the large number of vendor notifications related to law enforcement and cybersecurity regulations, changes in disclosure requirements in the event of a breach, and compliance laws.
The Mandiant report said, "The agency's ability to detect penetration is unlikely to deteriorate," as other indications point to continuous improvement in the organization's detection and response operations.
Watch out for hundreds of new malware families:
The new report describes the malware families observed in 2019, saying that 41% had not been observed before and that 70% of the samples identified belonged to the five most common families, one of which was based on open source tools with active development.
These points make it clear that malware developers are not only focused on innovation: attackers also rely on outsourcing to complete operations and attacks faster.
It should also be noted that most of the new malware families affect Windows or several systems. The Mandiant report also identified new malware families that affect only Linux or Macintosh operating systems; however, this activity is limited.
Greater monetization means more serious ransomware attacks:
Of all the attacks investigated by Mandiant experts, the largest share (29%) aimed at direct financial gain, including extortion, card theft and illegal transfers, while 22%, the next most common category, involved data theft in support of intellectual property or espionage goals.
The successful monetization of ransomware attacks and the availability of ransomware as a service have increased the total number of ransomware cases.
Cybercrime groups that used to target personal and credit card information have increasingly turned to ransomware as a secondary means of generating income.
Given the ease of launching ransomware attacks and the attackers' continued financial success, FireEye expects that ransomware will continue to be used as an additional method of generating revenue from access to the victim's environment.
"The report of the FireEye Mandiant division monitors the level of cyber security in the organization and has achieved significant improvements, but it will address the enormous challenges they face. The field remains a major challenge for them. Currently, the most active groups have pursued," said Juergen Kutcher, Vice President of FireEye. Ever been a major expansion of the target area, it is therefore important that organizations continue their efforts to build and test their defenses.