m-trends 2019 infographic part 1 - fireeye · 12/19/2018 · global americas emea apac dwell time...
Post on 24-Sep-2020
NEW APT GROUPS
In 2018, FireEye promoted four attackers from previously tracked TEMP groups to advanced persistent threat (APT) groups.
ONCE A TARGET, ALWAYS A TARGET
In 2018, the number of retargeted customers continued to climb.[1] If you’ve been breached once, you’re much more likely to be targeted again and suffer another breach.
RETARGETED INCIDENT RESPONSE CLIENTS BY REGION (PERCENTAGE)
2017: GLOBAL 56%, AMERICAS 44%, EMEA 47%, APAC 91%
2018: GLOBAL 64%, AMERICAS 63%, EMEA 57%, APAC 78%
DWELL TIME
Organizations are getting better at detecting breaches quickly. Worldwide, median dwell times have decreased significantly, from 416 days in 2011 to just 78 days in 2018.
While median dwell times have decreased globally and in the Americas, dwell times increased in APAC and EMEA, where security teams are still uncovering historical attacks.
GLOBAL MEDIAN DWELL TIME
[Chart: dwell time in days (y-axis, 0 to 600) by year (x-axis).]
Dwell time is the number of days an attacker is present on a victim network, from first evidence of compromise to detection.
In 2018, 31% of the compromises we investigated had dwell times of 30 days or less, compared to 28% in 2017. This may be due to an increase in financially motivated compromises such as ransomware, which tend to have an immediate impact on targeted organizations—but are detected immediately as well.
MEDIAN DWELL TIME BY REGION (DAYS)
2016: GLOBAL 99, AMERICAS 99, EMEA 106, APAC 172
2017: GLOBAL 101, AMERICAS 76, EMEA 175, APAC 498
2018: GLOBAL 78, AMERICAS 71, EMEA 177, APAC 204
GLOBAL DWELL TIME DISTRIBUTION
[Chart: investigations in 2018 (percentage, y-axis) by dwell time in days (x-axis), in buckets from 0-7 days to 2000+ days.]
TOP 3 RETARGETED INDUSTRIES
[Chart: finance, health and education, by percentage (y-axis, 0 to 20); the bars carry the values 11%, 13% and 18%.]
BREACH NOTIFICATION SOURCES
Since 2015, organizations have gotten better at discovering compromises on their own, as opposed to being notified by external sources.
EXTERNAL: 2011 94%, 2012 63%, 2013 67%, 2014 69%, 2015 53%, 2016 47%, 2017 38%, 2018 41%
INTERNAL: 2011 6%, 2012 37%, 2013 33%, 2014 31%, 2015 47%, 2016 53%, 2017 62%, 2018 59%
APT40
DATE NAME: DECEMBER 19, 2018
NAME: APT40
ORIGIN OR SPONSORING NATION: CHINA
PRIMARY INDUSTRY TARGETS: AVIATION, CHEMICALS, DEFENSE, EDUCATION, GOVERNMENT, HIGH-TECH, MARITIME, RESEARCH
PRIMARY REGIONAL TARGET: SOUTHEAST ASIA

APT39
DATE NAME: DECEMBER 12, 2018
NAME: APT39
ORIGIN OR SPONSORING NATION: IRAN
PRIMARY INDUSTRY TARGETS: HIGH-TECH, TELECOMMUNICATIONS, TRANSPORTATION, TRAVEL
PRIMARY REGIONAL TARGET: MIDDLE EAST

APT38
DATE NAME: OCTOBER 2, 2018
NAME: APT38
ORIGIN OR SPONSORING NATION: NORTH KOREA
PRIMARY INDUSTRY TARGETS: INTER-BANK FINANCIAL SYSTEMS, FINANCIAL INSTITUTIONS
PRIMARY REGIONAL TARGET: ECONOMICALLY DEVELOPING REGIONS

APT37
DATE NAME: FEBRUARY 19, 2018
NAME: APT37
ORIGIN OR SPONSORING NATION: NORTH KOREA
PRIMARY INDUSTRY TARGETS: HEALTH CARE ENTITIES, ELECTRONICS, MANUFACTURING, AUTOMOTIVE, CHEMICALS, AEROSPACE
PRIMARY REGIONAL TARGET: JAPAN, MIDDLE EAST, SOUTH KOREA, VIETNAM
© 2019 FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. F-EXT-IG-US-EN-000187-01
[1] We define “retargeted customers” as FireEye managed detection and response customers who were previously Mandiant incident response clients and were targets of one significant attack in the past 19 months by the same or similarly motivated attack group.
M-TRENDS 2019: A FIREEYE MANDIANT SPECIAL REPORT