Upload File

m-trends 2019 infographic part 1 - fireeye · 12/19/2018  · global americas emea apac dwell time...

  • Home
  • Documents
  • M-Trends 2019 Infographic Part 1 - FireEye · 12/19/2018  · GLOBAL AMERICAS EMEA APAC DWELL TIME Organizations are getting better at detecting breaches quickly. Worldwide, median
1
NEW APT GROUPS In 2018, FireEye promoted four attackers from previously tracked TEMP groups to advanced persistent threat (APT) groups. ONCE A TARGET, ALWAYS A TARGET In 2018, the number of retargeted customers continued to climb. 1 If you’ve been breached once, you’re much more likely to be targeted again and suffer another breach. 100 80 60 40 20 0 RETARGETED INCIDENT RESPONSE CLIENTS BY REGION 2017 56% 44% 47% 91% 2018 64% 63% 57% 78% EMEA APAC GLOBAL AMERICAS DWELL TIME Organizations are getting better at detecting breaches quickly. Worldwide, median dwell times have decreased significantly, from 416 days in 2011 to just 78 days in 2018. While median dwell times have decreased globally and in the Americas, dwell times increased in APAC and EMEA, where security teams are still uncovering historical attacks. GLOBAL MEDIAN DWELL TIME 600 500 400 300 200 100 0 2018 2017 YEARS DWELL TIME (DAYS) Dwell time is the number of days an attacker is present on a victim network, from first evidence of compromise to detection. In 2018, 31% of the compromises we investigated had dwell times of 30 days or less, compared to 28% in 2017. This may be due to an increase in financially motivated compromises such as ransomware, which tend to have an immediate impact on targeted organizations—but are detected immediately as well. GLOBAL DWELL TIME DISTRIBUTION EMEA APAC GLOBAL AMERICAS 101 76 175 2016 99 99 106 172 498 78 71 177 204 DWELL TIME (DAYS) 0-7 201-300 8-14 15-30 31-45 46-60 61-75 76-90 91-150 151-200 901-1000 301-400 401-500 501-600 601-700 2000+ 701-800 801-900 1000-2000 20 15 10 5 0 15% 7% 9% 7% 7% 10% 6% 6% 7% 3% 1% 4% 2% 1% 0 1% 7% 4% 2% INVESTIGATIONS IN 2018 (PERCENTAGE) INCIDENT RESPONSE CLIENTS (PERCENTAGE) 11% HEALTH EDUCATION FINANCE FINANCE HEALTH EDUCATION 13% 18% TOP 3 RETARGETED INDUSTRIES 20 15 10 5 0 PERCENTAGE BREACH NOTIFICATION SOURCES Since 2015, organizations have gotten better at discovering compromises on their own, as opposed to being notified by external sources. 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0 2011 2012 2013 2014 2015 2016 2017 2018 EXTERNAL INTERNAL 94% 63% 67% 69% 53% 47% 38% 41% 6% 37% 33% 31% 47% 53% 62% 59% DATE NAME: DECEMBER 19, 2018 NAME: APT40 ORIGIN OR SPONSORING NATION: CHINA SOUTHEAST ASIA PRIMARY INDUSTRY TARGETS AVIATION CHEMICALS DEFENSE EDUCATION PRIMARY REGIONAL TARGET SOUTHEAST ASIA GOVERNMENT HIGH-TECH MARITIME RESEARCH APT40 1298234298263 9874293847293 8472938472938 4729384729387 429837429834 7293847293568 420394820394 802936293874 9238742938792 834738472938 4729384798738 3872384798729 APT39 DATE NAME: DECEMBER 12, 2018 NAME: APT39 ORIGIN OR SPONSORING NATION: IRAN MIDDLE EAST IRAN PRIMARY INDUSTRY TARGETS HIGH-TECH TELECOMMUNICATIONS TRANSPORTATION TRAVEL PRIMARY REGIONAL TARGET MIDDLE EAST CHINA 3 4 2 7 3 8 9 4 7 2 3 0 9 4 8 3 0 2 9 3 8 4 3 4 2 7 3 8 9 4 7 2 3 0 9 4 8 3 0 2 9 38 34 27389 4723 0 9 4 83 0 2938 4 3 4 2738 9 4 72 3 0 9 4 8 3 0 2 9 3 8 4 3 4 2 7 3 8 9 4 7 2 3 0 9 4 8 3 0 2 9 38 4 3 4 2 7 3 8 9 4 7 2 3 0 9 4 8 3 0 2 9 3 8 4 APT38 DATE NAME: OCTOBER 2, 2018 NAME: APT38 ORIGIN OR SPONSORING NATION: NORTH KOREA NORTH KOREA INTER-BANK FINANCIAL SYSTEMS FINANCIAL INSTITUTIONS PRIMARY INDUSTRY TARGETS PRIMARY REGIONAL TARGET ECONOMICALLY DEVELOPING REGIONS APT37 DATE NAME: FEBRUARY 19, 2018 NAME: APT37 ORIGIN OR SPONSORING NATION: NORTH KOREA MIDDLE EAST NORTH KOREA HEALTH CARE ENTITIES ELECTRONICS MANUFACTURING PRIMARY INDUSTRY TARGETS AUTOMOTIVE CHEMICALS AEROSPACE PRIMARY REGIONAL TARGET JAPAN MIDDLE EAST SOUTH KOREA VIETNAM SOUTH KOREA JAPAN JAPAN ECONOMICALLY DEVELOPING REGIONS © 2019 FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. F-EXT-IG-US-EN-000187-01 1 We define “retargeted customers” as FireEye managed detection and response customers who were previously Mandiant incident response clients and were targets of one significant attack in the past 19 months by the same or similarly motivated attack group. Download the full M-Trends 2019 report > M-TRENDS 2019 A FIREEYE MANDIANT SPECIAL REPORT

Upload: others

Post on 24-Sep-2020

1 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: M-Trends 2019 Infographic Part 1 - FireEye · 12/19/2018  · GLOBAL AMERICAS EMEA APAC DWELL TIME Organizations are getting better at detecting breaches quickly. Worldwide, median

NEW APT GROUPS In 2018, FireEye promoted four attackers from previously tracked TEMP groups to advanced persistent threat (APT) groups.

ONCE A TARGET,ALWAYS A TARGET

In 2018, the number of retargeted customers continued to climb.1 If you’ve been breached once, you’re much more likely to be targeted again and su�er another breach.

100

80

60

40

20

0

RETARGETED INCIDENT RESPONSE CLIENTS BY REGION

2017

56%

44%47%

91%

2018

64% 63%57%

78%

EMEA APACGLOBAL AMERICAS

DWELL TIME Organizations are getting better at detecting breaches quickly. Worldwide, median dwell times have decreased significantly, from 416 days in 2011 to just 78 days in 2018.

While median dwell times have decreased globally and in the Americas, dwell times increased in APAC and EMEA, where security teams are still uncovering historical attacks.

GLOBAL MEDIAN DWELL TIME

600

500

400

300

200

100

020182017

YEARS

DWEL

L TI

ME

(DAY

S)

Dwell time is the number of days an attacker is present on a victim network, from first evidence of compromise to detection.

In 2018, 31% of the compromises we investigated had dwell times of 30 days or less, compared to 28% in 2017. This may be due to an increase in financially motivated compromises such as ransomware, which tend to have an immediate impact on targeted organizations—but are detected immediately as well.

GLOBAL DWELL TIME DISTRIBUTION

EMEA APACGLOBAL AMERICAS

10176

175

2016

99 99106

172

498

78 71

177204

DWELL TIME (DAYS)

0-7

201-3

008-

1415

-30

31-4

5

46-60

61-75

76-9

0

91-150

151-2

00

901-1000

301-4

00

401-500

501-6

00

601-700

2000+

701-8

00

801-9

00

1000-2

000

20

15

10

5

0

15%

7%

9%7% 7%

10%

6% 6%7%

3%1%

4%

2% 1%0 1%

7%

4%

2%

INVE

STIG

ATIO

NS IN

201

8 (P

ERCE

NTAG

E)IN

CIDE

NT R

ESPO

NSE

CLIE

NTS

(PER

CENT

AGE)

11%

HEALTH EDUCATIONFINANCE

FINANCE HEALTH EDUCATION

13%

18%

TOP 3 RETARGETED INDUSTRIES

20

15

10

5

0

PERC

ENTA

GE

BREACH NOTIFICATION SOURCES

Since 2015, organizations have gotten better at discovering compromises on their own, as opposed to being notified by external sources.

100%

90%

80%

70%

60%

50%

40%

30%

20%

10%

02011 2012 2013 2014 2015 2016 2017 2018

EXTERNAL INTERNAL

94%

63%67% 69%

53%

47%

38%41%

6%

37%33% 31%

47%

53%

62%59%

DATE NAME: DECEMBER 19, 2018NAME: APT40 ORIGIN OR SPONSORING NATION: CHINA

SOUTHEAST ASIA

PRIMARY INDUSTRY TARGETS

AVIATION

CHEMICALS

DEFENSEEDUCATION

PRIMARY REGIONAL TARGET

SOUTHEAST ASIA GOVERNMENT

HIGH-TECH

MARITIMERESEARCH

APT40

12982342982639874293847293847293847293847293847293874298374298347293847293568420394820394802936293874923874293879283473847293847293847987383872384798729APT39

DATE NAME: DECEMBER 12, 2018NAME: APT39 ORIGIN OR SPONSORING NATION: IRAN

MIDDLE EAST

IRAN

PRIMARY INDUSTRY TARGETS

HIGH-TECH

TELECOMMUNICATIONS

TRANSPORTATIONTRAVEL

PRIMARY REGIONAL TARGET

MIDDLE EAST

CHINA

3427

3894

7230

9483

0293

84

34273

89472309483029384

34273894723094830293843427389472309483029384

342738947230948302938434273894723094

83029384

APT38

DATE NAME: OCTOBER 2, 2018NAME: APT38 ORIGIN OR SPONSORING NATION: NORTH KOREA

NORTH KOREA

INTER-BANK FINANCIAL SYSTEMS

FINANCIAL INSTITUTIONS

PRIMARY INDUSTRY TARGETSPRIMARY REGIONAL TARGET

ECONOMICALLY DEVELOPING REGIONS

APT37

DATE NAME: FEBRUARY 19, 2018NAME: APT37 ORIGIN OR SPONSORING NATION: NORTH KOREA

MIDDLE EAST

NORTH KOREA

HEALTH CARE ENTITIES

ELECTRONICS

MANUFACTURING

PRIMARY INDUSTRY TARGETS

AUTOMOTIVE

CHEMICALS

AEROSPACE

PRIMARY REGIONAL TARGET

JAPAN

MIDDLE EAST

SOUTH KOREAVIETNAM

SOUTH KOREA

JAPAN

JAPAN

ECONOMICALLY DEVELOPING REGIONS

© 2019 FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. F-EXT-IG-US-EN-000187-01

1 We define “retargeted customers” as FireEye managed detection and response customers who were previously Mandiant incident response clients and were targets of one significant attack in the past 19 months by the same or similarly motivated attack group.

Download the full M-Trends 2019 report >

M-TRENDS 2019A FIREEYE MANDIANT SPECIAL REPORT

FireEye Managed Defense...FireEye Managed Defense is a managed detection and response (MDR) service that combines industry recognized cyber security expertise, FireEye technology and

STAND FOR MORE - FireEye...Fuel Consulting Partners Amid a barrage of attacks and high-profile breaches, many organizations are committing to significant IT security review and improvement

Imperva SecureSphere and FireEye Malware Protection System … · 2016. 1. 22. · IMPV-SB-FireEye-0116-v1 FireEye Malware Protection System enables organizations to: • Protects

FireEye v.6.0 Security Target - Common Criteriacommoncriteriaportal.org/files/epfiles/st_vid10458-st.pdf · 2011-11-03 · FireEye, Inc. Page 1 Version 1.1 May 11, 2011 FireEye v.6.0

WHITE PAPER Rationalization - FireEye

FireEye App for Splunk Enterprise · 7 FireEye App for Splunk Enterprise Documentation Version 1.1 Installing the FireEye App for Splunk Enterprise Use the App Manager within Splunk

FireEye - ISPAB Threat Environment

FireEye Endpoint Security Tech Preview - Process Guard ......FireEye, Inc. | 601 McCarthy Blvd. Milpitas, CA 95035 | 408.321.6300 | 877.FIREEYE (347.3393) [email protected] | © 2019

SETTING DWELL AUTO 2 DWELL TIME IN DEGREES THAT POINTS ARE ____________. MAXIMUM DWELL FOR A 4 CYLINDER? MAXIMUM DWELL FOR AN 8 CYLINDER? MAXIMUM DWELL

Insight into the Nordics Threat Landscape - FireEye · Copyright © 2014, FireEye, Inc. All rights reservedCopyright © 2015, FireEye, Inc. Title: PowerPoint Presentation Author ~~~

Flare&On)4:)Challenge)7)Solution)–)zsud.exe) - FireEye · FireEye,!Inc.,!1440!McCarthy!Blvd.,!Milpitas,!CA!95035!!|!!+1!408.321.6300!!|!!+1!877.FIREEYE!(347.3393)!!|[email protected]!!|!!!!!!!1!

Cyber Security Experts & Solution Providers | FireEye - FireEye Cyber … · 2019-11-13 · ©2019 FireEye §27% of organizations characterize their cyber security program as semi-

Disruptive Breaches Cyber Secur… · NORTH KOREA ©2018 FireEye | Private & Confidential ©2018 FireEye | Private & Confidential Guardians of Peace vs. Whois Team (Dark Seoul) US-based

Comparison of AppGuard® with FireEye® Endpoint Security › wp-content › uploads › 2019 › 01 › App... · 2019-06-05 · FireEye endpoint agents REQUIRE numerous FireEye

Fireeye Advanced Threat Protection

FireEye Use Cases — FireEye Solution Deployment Experience

Flare-On 6: Challenge 6 BMPHIDE - FireEye...FireEye, Inc. | 601 McCarthy Blvd. Milpitas, CA 95035 | 408.321.6300 | 877.FIREEYE (347.3393) [email protected] | 6 –

Threat hunting and incident response with FireEye - …...Agenda •About CS Computer Systems •Security Timeline •Threat Hunting and Incident Response •FireEye technology •FireEye

Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview Nathan Labadie Systems Engineer, US-Central FireEye

FireEye and Splunk: Intro to Integration · FireEye and Splunk: Intro to Integration . ... This architecture has become a possibility in the 7.1 version of the FireEye CMS. ... Ex:

STARTER KIT Infoblox DNS Firewall for FireEye KIT Infoblox DNS Firewall for FireEye. ... User Community ... Administrator guide. • You cannot add a FireEye integrated RPZ during

FireEye - Breaches are inevitable, but the outcome is not

FireEye Security Notice · FireEye is in the process of evaluating these set of NTP vulnerabilities’ impact to all products and services within our portfolio and patching. FireEye

Cyber Risk Report 2017 | Cyber Threats to Europe | FireEye · anticipate, cyber breaches begin to fill the headlines of the major European newspapers in 2017, management teams will

FireEye Network Security - isab.it · FireEye Network Security Effective protection against cyber breaches for midsize to large organizations OVERVIEW FireEye Network Security is

IntSights for FireEye Integration Benefits External Threat … · 2020-06-07 · IntSights for FireEye External Threat Protection and Enterprise Security IntSights and FireEye deliver

Save on Real-Time Threat Protection with FireEye › content › dam › wcgcom › ...Save on Real-Time Threat Protection with FireEye he FireEye platform, including security management

Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview John Bolger Manager Channels, US-Central FireEye

Today’s new breed of cyber attacks easily bypass ...symbiocyber.com/Products/pdf/fireeye-advanced-threat-protection.pdf · About FireEye, Inc. FireEye® has pioneered the next generation

VISION - FireEye · Why FireEye was #1 FireEye leads the pack with its collection capabilities. The importance of iSight Partners and Mandiant cannot be overlooked when assessing

Fireeye malware-supply-chain

FIREEYE NETWORK SECURITY

Transforming Security Operations - FireEye · manual efforts forced on the security operations team. ... FireEye Helix delivers a new, unified user experience across the FireEye product

FireEye App for Splunk App Documentation - …tmp.vpetkov.net/fe-splunk.pdfFireEye App for Splunk App Documentation Version 1.1 FireEye App for Splunk . Table of Contents FireEye App

The FireEye Market...the FireEye HX Endpoint product, built by one of our talented Sales Engineers. The app provides additional features and capabilities over the standard FireEye