Upload File

m-trends 2019 infographic part 1 - fireeye · 12/19/2018  · global americas emea apac dwell time...

  • Home
  • Documents
  • M-Trends 2019 Infographic Part 1 - FireEye · 12/19/2018  · GLOBAL AMERICAS EMEA APAC DWELL TIME Organizations are getting better at detecting breaches quickly. Worldwide, median
1
NEW APT GROUPS In 2018, FireEye promoted four attackers from previously tracked TEMP groups to advanced persistent threat (APT) groups. ONCE A TARGET, ALWAYS A TARGET In 2018, the number of retargeted customers continued to climb. 1 If you’ve been breached once, you’re much more likely to be targeted again and suffer another breach. 100 80 60 40 20 0 RETARGETED INCIDENT RESPONSE CLIENTS BY REGION 2017 56% 44% 47% 91% 2018 64% 63% 57% 78% EMEA APAC GLOBAL AMERICAS DWELL TIME Organizations are getting better at detecting breaches quickly. Worldwide, median dwell times have decreased significantly, from 416 days in 2011 to just 78 days in 2018. While median dwell times have decreased globally and in the Americas, dwell times increased in APAC and EMEA, where security teams are still uncovering historical attacks. GLOBAL MEDIAN DWELL TIME 600 500 400 300 200 100 0 2018 2017 YEARS DWELL TIME (DAYS) Dwell time is the number of days an attacker is present on a victim network, from first evidence of compromise to detection. In 2018, 31% of the compromises we investigated had dwell times of 30 days or less, compared to 28% in 2017. This may be due to an increase in financially motivated compromises such as ransomware, which tend to have an immediate impact on targeted organizations—but are detected immediately as well. GLOBAL DWELL TIME DISTRIBUTION EMEA APAC GLOBAL AMERICAS 101 76 175 2016 99 99 106 172 498 78 71 177 204 DWELL TIME (DAYS) 0-7 201-300 8-14 15-30 31-45 46-60 61-75 76-90 91-150 151-200 901-1000 301-400 401-500 501-600 601-700 2000+ 701-800 801-900 1000-2000 20 15 10 5 0 15% 7% 9% 7% 7% 10% 6% 6% 7% 3% 1% 4% 2% 1% 0 1% 7% 4% 2% INVESTIGATIONS IN 2018 (PERCENTAGE) INCIDENT RESPONSE CLIENTS (PERCENTAGE) 11% HEALTH EDUCATION FINANCE FINANCE HEALTH EDUCATION 13% 18% TOP 3 RETARGETED INDUSTRIES 20 15 10 5 0 PERCENTAGE BREACH NOTIFICATION SOURCES Since 2015, organizations have gotten better at discovering compromises on their own, as opposed to being notified by external sources. 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0 2011 2012 2013 2014 2015 2016 2017 2018 EXTERNAL INTERNAL 94% 63% 67% 69% 53% 47% 38% 41% 6% 37% 33% 31% 47% 53% 62% 59% DATE NAME: DECEMBER 19, 2018 NAME: APT40 ORIGIN OR SPONSORING NATION: CHINA SOUTHEAST ASIA PRIMARY INDUSTRY TARGETS AVIATION CHEMICALS DEFENSE EDUCATION PRIMARY REGIONAL TARGET SOUTHEAST ASIA GOVERNMENT HIGH-TECH MARITIME RESEARCH APT40 1298234298263 9874293847293 8472938472938 4729384729387 429837429834 7293847293568 420394820394 802936293874 9238742938792 834738472938 4729384798738 3872384798729 APT39 DATE NAME: DECEMBER 12, 2018 NAME: APT39 ORIGIN OR SPONSORING NATION: IRAN MIDDLE EAST IRAN PRIMARY INDUSTRY TARGETS HIGH-TECH TELECOMMUNICATIONS TRANSPORTATION TRAVEL PRIMARY REGIONAL TARGET MIDDLE EAST CHINA 3 4 2 7 3 8 9 4 7 2 3 0 9 4 8 3 0 2 9 3 8 4 3 4 2 7 3 8 9 4 7 2 3 0 9 4 8 3 0 2 9 38 34 27389 4723 0 9 4 83 0 2938 4 3 4 2738 9 4 72 3 0 9 4 8 3 0 2 9 3 8 4 3 4 2 7 3 8 9 4 7 2 3 0 9 4 8 3 0 2 9 38 4 3 4 2 7 3 8 9 4 7 2 3 0 9 4 8 3 0 2 9 3 8 4 APT38 DATE NAME: OCTOBER 2, 2018 NAME: APT38 ORIGIN OR SPONSORING NATION: NORTH KOREA NORTH KOREA INTER-BANK FINANCIAL SYSTEMS FINANCIAL INSTITUTIONS PRIMARY INDUSTRY TARGETS PRIMARY REGIONAL TARGET ECONOMICALLY DEVELOPING REGIONS APT37 DATE NAME: FEBRUARY 19, 2018 NAME: APT37 ORIGIN OR SPONSORING NATION: NORTH KOREA MIDDLE EAST NORTH KOREA HEALTH CARE ENTITIES ELECTRONICS MANUFACTURING PRIMARY INDUSTRY TARGETS AUTOMOTIVE CHEMICALS AEROSPACE PRIMARY REGIONAL TARGET JAPAN MIDDLE EAST SOUTH KOREA VIETNAM SOUTH KOREA JAPAN JAPAN ECONOMICALLY DEVELOPING REGIONS © 2019 FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. F-EXT-IG-US-EN-000187-01 1 We define “retargeted customers” as FireEye managed detection and response customers who were previously Mandiant incident response clients and were targets of one significant attack in the past 19 months by the same or similarly motivated attack group. Download the full M-Trends 2019 report > M-TRENDS 2019 A FIREEYE MANDIANT SPECIAL REPORT

Upload: others

Post on 24-Sep-2020

1 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: M-Trends 2019 Infographic Part 1 - FireEye · 12/19/2018  · GLOBAL AMERICAS EMEA APAC DWELL TIME Organizations are getting better at detecting breaches quickly. Worldwide, median

NEW APT GROUPS In 2018, FireEye promoted four attackers from previously tracked TEMP groups to advanced persistent threat (APT) groups.

ONCE A TARGET,ALWAYS A TARGET

In 2018, the number of retargeted customers continued to climb.1 If you’ve been breached once, you’re much more likely to be targeted again and su�er another breach.

100

80

60

40

20

0

RETARGETED INCIDENT RESPONSE CLIENTS BY REGION

2017

56%

44%47%

91%

2018

64% 63%57%

78%

EMEA APACGLOBAL AMERICAS

DWELL TIME Organizations are getting better at detecting breaches quickly. Worldwide, median dwell times have decreased significantly, from 416 days in 2011 to just 78 days in 2018.

While median dwell times have decreased globally and in the Americas, dwell times increased in APAC and EMEA, where security teams are still uncovering historical attacks.

GLOBAL MEDIAN DWELL TIME

600

500

400

300

200

100

020182017

YEARS

DWEL

L TI

ME

(DAY

S)

Dwell time is the number of days an attacker is present on a victim network, from first evidence of compromise to detection.

In 2018, 31% of the compromises we investigated had dwell times of 30 days or less, compared to 28% in 2017. This may be due to an increase in financially motivated compromises such as ransomware, which tend to have an immediate impact on targeted organizations—but are detected immediately as well.

GLOBAL DWELL TIME DISTRIBUTION

EMEA APACGLOBAL AMERICAS

10176

175

2016

99 99106

172

498

78 71

177204

DWELL TIME (DAYS)

0-7

201-3

008-

1415

-30

31-4

5

46-60

61-75

76-9

0

91-150

151-2

00

901-1000

301-4

00

401-500

501-6

00

601-700

2000+

701-8

00

801-9

00

1000-2

000

20

15

10

5

0

15%

7%

9%7% 7%

10%

6% 6%7%

3%1%

4%

2% 1%0 1%

7%

4%

2%

INVE

STIG

ATIO

NS IN

201

8 (P

ERCE

NTAG

E)IN

CIDE

NT R

ESPO

NSE

CLIE

NTS

(PER

CENT

AGE)

11%

HEALTH EDUCATIONFINANCE

FINANCE HEALTH EDUCATION

13%

18%

TOP 3 RETARGETED INDUSTRIES

20

15

10

5

0

PERC

ENTA

GE

BREACH NOTIFICATION SOURCES

Since 2015, organizations have gotten better at discovering compromises on their own, as opposed to being notified by external sources.

100%

90%

80%

70%

60%

50%

40%

30%

20%

10%

02011 2012 2013 2014 2015 2016 2017 2018

EXTERNAL INTERNAL

94%

63%67% 69%

53%

47%

38%41%

6%

37%33% 31%

47%

53%

62%59%

DATE NAME: DECEMBER 19, 2018NAME: APT40 ORIGIN OR SPONSORING NATION: CHINA

SOUTHEAST ASIA

PRIMARY INDUSTRY TARGETS

AVIATION

CHEMICALS

DEFENSEEDUCATION

PRIMARY REGIONAL TARGET

SOUTHEAST ASIA GOVERNMENT

HIGH-TECH

MARITIMERESEARCH

APT40

12982342982639874293847293847293847293847293847293874298374298347293847293568420394820394802936293874923874293879283473847293847293847987383872384798729APT39

DATE NAME: DECEMBER 12, 2018NAME: APT39 ORIGIN OR SPONSORING NATION: IRAN

MIDDLE EAST

IRAN

PRIMARY INDUSTRY TARGETS

HIGH-TECH

TELECOMMUNICATIONS

TRANSPORTATIONTRAVEL

PRIMARY REGIONAL TARGET

MIDDLE EAST

CHINA

3427

3894

7230

9483

0293

84

34273

89472309483029384

34273894723094830293843427389472309483029384

342738947230948302938434273894723094

83029384

APT38

DATE NAME: OCTOBER 2, 2018NAME: APT38 ORIGIN OR SPONSORING NATION: NORTH KOREA

NORTH KOREA

INTER-BANK FINANCIAL SYSTEMS

FINANCIAL INSTITUTIONS

PRIMARY INDUSTRY TARGETSPRIMARY REGIONAL TARGET

ECONOMICALLY DEVELOPING REGIONS

APT37

DATE NAME: FEBRUARY 19, 2018NAME: APT37 ORIGIN OR SPONSORING NATION: NORTH KOREA

MIDDLE EAST

NORTH KOREA

HEALTH CARE ENTITIES

ELECTRONICS

MANUFACTURING

PRIMARY INDUSTRY TARGETS

AUTOMOTIVE

CHEMICALS

AEROSPACE

PRIMARY REGIONAL TARGET

JAPAN

MIDDLE EAST

SOUTH KOREAVIETNAM

SOUTH KOREA

JAPAN

JAPAN

ECONOMICALLY DEVELOPING REGIONS

© 2019 FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. F-EXT-IG-US-EN-000187-01

1 We define “retargeted customers” as FireEye managed detection and response customers who were previously Mandiant incident response clients and were targets of one significant attack in the past 19 months by the same or similarly motivated attack group.

Download the full M-Trends 2019 report >

M-TRENDS 2019A FIREEYE MANDIANT SPECIAL REPORT

STARTER KIT Infoblox DNS Firewall for FireEye KIT Infoblox DNS Firewall for FireEye. ... User Community ... Administrator guide. • You cannot add a FireEye integrated RPZ during

FIREEYE NETWORK SECURITY

Disruptive Breaches Cyber Secur… · NORTH KOREA ©2018 FireEye | Private & Confidential ©2018 FireEye | Private & Confidential Guardians of Peace vs. Whois Team (Dark Seoul) US-based

ENDPOINT SECURITY - FireEye Market

FireEye App for Splunk Enterprise · 7 FireEye App for Splunk Enterprise Documentation Version 1.1 Installing the FireEye App for Splunk Enterprise Use the App Manager within Splunk

FireEye - ISPAB Threat Environment

Flare-On 6: Challenge 6 BMPHIDE - FireEye...FireEye, Inc. | 601 McCarthy Blvd. Milpitas, CA 95035 | 408.321.6300 | 877.FIREEYE (347.3393) [email protected] | 6 –

FireEye Use Cases — FireEye Solution Deployment Experience

FireEye + Splunk: Intermediate Guide

FireEye and Splunk: Intro to Integration · FireEye and Splunk: Intro to Integration . ... This architecture has become a possibility in the 7.1 version of the FireEye CMS. ... Ex:

FireEye iSIGHT Intelligence · Copyright © 2015, FireEye, Inc. All rights reserved. CONFIDENTIAL 10 FireEye Threat Intelligence Sources Collected Curated Focused Rule Sets

CORPORATE FACT SHEET - CDWwebobjects.cdw.com/webobjects/media/pdf/FireEye/Fact-Sheet-FireEy… · CORPORATE FACT SHEET SECRITY ... impact of security breaches. We find and stop attackers

ThreatAnalyticsPlatform (TAP) - FireEye...ThreatAnalyticsPlatform (TAP) DeploymentGuide April28,2014 FireEye,Inc.,1440McCarthyBlvd.,Milpitas,CA95035||+1877.FIREEYE

Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview Nathan Labadie Systems Engineer, US-Central FireEye

Transforming Security Operations - FireEye · manual efforts forced on the security operations team. ... FireEye Helix delivers a new, unified user experience across the FireEye product

FireEye Advanced Threat Report

Fireeye User Guide

FireEye Managed Defense...FireEye Managed Defense is a managed detection and response (MDR) service that combines industry recognized cyber security expertise, FireEye technology and

Insight into the Nordics Threat Landscape - FireEye · Copyright © 2014, FireEye, Inc. All rights reservedCopyright © 2015, FireEye, Inc. Title: PowerPoint Presentation Author ~~~

FireEye Systems Engineer (FSE) FireEye Partner Technical ... · FireEye Systems Engineer (FSE) Loai Najim has successfully completed the requirements to be recognized as a FireEye

Fireeye malware-supply-chain

FireEye Network Security - isab.it · FireEye Network Security Effective protection against cyber breaches for midsize to large organizations OVERVIEW FireEye Network Security is

SETTING DWELL AUTO 2 DWELL TIME IN DEGREES THAT POINTS ARE ____________. MAXIMUM DWELL FOR A 4 CYLINDER? MAXIMUM DWELL FOR AN 8 CYLINDER? MAXIMUM DWELL

FireEye - Breaches are inevitable, but the outcome is not

VISION - FireEye · Why FireEye was #1 FireEye leads the pack with its collection capabilities. The importance of iSight Partners and Mandiant cannot be overlooked when assessing

GDPR - FireEye€¦ · States, more than 50 federal, state and local laws mandate disclosure of cyber breaches to regulators or affected consumers. Until recently, the regulatory

Dwell With Dignity v Dwell Magazine

Flare&On)4:)Challenge)7)Solution)–)zsud.exe) - FireEye · FireEye,!Inc.,!1440!McCarthy!Blvd.,!Milpitas,!CA!95035!!|!!+1!408.321.6300!!|!!+1!877.FIREEYE!(347.3393)!!|[email protected]!!|!!!!!!!1!

FireEye v.6.0 Security Target - Common Criteriacommoncriteriaportal.org/files/epfiles/st_vid10458-st.pdf · 2011-11-03 · FireEye, Inc. Page 1 Version 1.1 May 11, 2011 FireEye v.6.0

FireEye Webinar 11. November 2015 - Home | AVANTEC Documents... · FireEye Webinar 11. ... QUESTIONS? Thomas Cueni [email protected]. Title: Microsoft PowerPoint - FireEye

Cyber Risk Report 2017 | Cyber Threats to Europe | FireEye · anticipate, cyber breaches begin to fill the headlines of the major European newspapers in 2017, management teams will

Systemic Cyber Risk and Exposure of the Insurance Industry · • FireEye iSight Intelligence Products • FireEye Helix • FireEye Threat Analytics • FireEye Network Security

Comparison of AppGuard® with FireEye® Endpoint Security › wp-content › uploads › 2019 › 01 › App... · 2019-06-05 · FireEye endpoint agents REQUIRE numerous FireEye

FireEye Endpoint Security Tech Preview - Process Guard ......FireEye, Inc. | 601 McCarthy Blvd. Milpitas, CA 95035 | 408.321.6300 | 877.FIREEYE (347.3393) [email protected] | © 2019

Save on Real-Time Threat Protection with FireEye › content › dam › wcgcom › ...Save on Real-Time Threat Protection with FireEye he FireEye platform, including security management