Latest news
Mandiant threat report on advanced targeted attacks
Posted on 13 March 2013.
Mandiant released its fourth annual M-Trends report, which details the tactics used by threat actors to compromise organizations and steal data. It also highlights incident response best practices employed by organizations that are most successful in combating advanced attackers.
This year’s M-Trends also includes an overview of the APT1 threat group and a link to more than 3,000 technical indicators that Mandiant has provided to organizations so they can bolster their defenses.
“We’ve seen first-hand that a sophisticated attacker can breach any network given enough time and determination,” said Grady Summers, Mandiant vice president and one of the report’s contributing authors. “It’s not enough for companies to ask ‘Are we secure?’ They need to be asking 'How do we know we're not compromised today? How would we know? What would we do about it if we were?'”
Some of the report’s highlights include:
Nearly two-thirds of organizations learn they are breached from an external source.
Targeted attacks continue to evade preventive defenses, but organizations are getting better at discovering them on their own. Still, a full 63 percent of victims were made aware they had been breached by an external organization such as law enforcement.
The typical advanced attack goes unnoticed for nearly eight months.
Attackers spend an estimated 243 days on a victim’s network before they are discovered – 173 days fewer than in 2011. Though organizations have reduced the average time between compromise and detection by 40%, many are still compromised for several years before detecting a breach.
Attackers are increasingly using outsourced service providers as a means to gain access to their victims.
As companies continue to outsource business processes such as finance, accounting, HR, and procurement, advanced attack groups are increasingly taking advantage of those relationships to gain access to the organizations.
Attackers are using comprehensive network reconnaissance to help them navigate victims’ networks faster and more effectively.
Attackers are frequently stealing data related to network infrastructure, processing methodologies, and system administration guides to gather the reconnaissance data they need to more quickly exploit network and system misconfigurations.
Advanced Persistent Threat (APT) attackers continue to target industries that are strategic to their growth and will return until their mission is complete.
Mandiant observed a relationship between the strategic priorities of the People’s Republic of China (PRC), the operations of PRC state-owned enterprises (SOEs), and data stolen through cyber intrusions from a wide variety of clients and industries. Of the top three industries repeatedly targeted, aerospace topped the list, followed by energy, oil and gas, and pharmaceuticals.
Once a target, always a target.
Organizations are being targeted by more than one attack group, sometimes in succession. In 2012, 38% of targets were attacked again once the original incident was remediated. Of the total cases Mandiant investigated in 2012, attackers lodged more than one thousand attempts to regain entry to former victims.
The complete report is available here (registration required).
This year’s M-Trends also includes an overview of the APT1 threat group and a link to more than 3,000 technical indicators that Mandiant has provided to organizations so they can bolster their defenses.
“We’ve seen first-hand that a sophisticated attacker can breach any network given enough time and determination,” said Grady Summers, Mandiant vice president and one of the report’s contributing authors. “It’s not enough for companies to ask ‘Are we secure?’ They need to be asking 'How do we know we're not compromised today? How would we know? What would we do about it if we were?'”
Some of the report’s highlights include:
Nearly two-thirds of organizations learn they are breached from an external source.
Targeted attacks continue to evade preventive defenses, but organizations are getting better at discovering them on their own. Still, a full 63 percent of victims were made aware they had been breached by an external organization such as law enforcement.
The typical advanced attack goes unnoticed for nearly eight months.
Attackers spend an estimated 243 days on a victim’s network before they are discovered – 173 days fewer than in 2011. Though organizations have reduced the average time between compromise and detection by 40%, many are still compromised for several years before detecting a breach.
Attackers are increasingly using outsourced service providers as a means to gain access to their victims.
As companies continue to outsource business processes such as finance, accounting, HR, and procurement, advanced attack groups are increasingly taking advantage of those relationships to gain access to the organizations.
Attackers are using comprehensive network reconnaissance to help them navigate victims’ networks faster and more effectively.
Attackers are frequently stealing data related to network infrastructure, processing methodologies, and system administration guides to gather the reconnaissance data they need to more quickly exploit network and system misconfigurations.
Advanced Persistent Threat (APT) attackers continue to target industries that are strategic to their growth and will return until their mission is complete.
Mandiant observed a relationship between the strategic priorities of the People’s Republic of China (PRC), the operations of PRC state-owned enterprises (SOEs), and data stolen through cyber intrusions from a wide variety of clients and industries. Of the top three industries repeatedly targeted, aerospace topped the list, followed by energy, oil and gas, and pharmaceuticals.
Once a target, always a target.
Organizations are being targeted by more than one attack group, sometimes in succession. In 2012, 38% of targets were attacked again once the original incident was remediated. Of the total cases Mandiant investigated in 2012, attackers lodged more than one thousand attempts to regain entry to former victims.
The complete report is available here (registration required).
Spotlight
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
Application vulnerabilities still a top security concern
Posted on 16 May 2013. | Respondents to a new (ISC)2 study identified application vulnerabilities as their top security concern. A significant gap persists between software developers’ priorities and security professionals’ concerns.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Hacking charge stations for electric cars
Posted on 15 May 2013. | Ofer Shezaf talks about what charge stations really are, why they have to be ‘smart’ and the potential risks created to the grid, to the car and most importantly to its owner’s privacy and safety.
Daily digest
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
Weekly newsletter
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
