Not To Be Overlooked… Insights From Mandiant’s 2014 M-Trends Report: Beyond the Breach
Somewhat overshadowed by the Verizon Data Breach Investigations Report, which also came out in April, the fifth-annual M-Trends® report from Mandiant® (a FireEye company) provides another interesting set of data and perspectives about the cyberthreat landscape. Compiled from advanced threat investigations conducted by Mandiant in 2013, “Beyond the Breach” not only details the tactics used by threat actors to compromise organizations and steal data, but also highlights a handful of emerging changes with regard to who the threat actors are and what they’re actually after. Indeed, some of the more notable findings from the report (with labels added by yours truly) are as follows:
- A sad state of affairs. The average number of days attackers were present on a victim’s network before being discovered was a whopping 229 (down from 243 in 2012). Equally troubling is that only 33% of these victims discovered the breach themselves, with the balance being notified by an external party.
- Iran not just an 'Also Ran.' Despite being characterized as “less sophisticated” than others, Iran-based threat actors have become noticeably more active and are considered an “ever increasing threat” due to Iran’s “historical hostility towards U.S. business and government interests.”
- The retailer end-around. Historically attacked primarily through their external facing web applications, retailers now have another attack vector with which to contend. The scenario described by Mandiant begins with the botnet software on a previously infected system that is recognized to be within a high-value target being “upgraded” with a stealthier backdoor. The botnet herder than sells access to these modified systems – potentially along with other tools that enable lateral movement – to criminal organizations specializing in cardholder data theft.
- Operational data also on the menu. The report indicates that Chinese-based threat actors in particular are now interested not only in making off with the core intellectual property of a company, but also information about how businesses work and how executives and other key personnel make decisions.
The inescapable conclusion is that, much like the universe we live in, the cyberthreat landscape is continuing to rapidly expand in all directions. From threat actors and classes of threats to new vectors and targets, the number of variables today’s security teams need to account for is doing nothing but growing. Needless to say, solutions that help address this dilemma in a meaningful way are destined to be in high demand.
Thanks to the Mandiant team for another informative report! To download a copy of “M-Trends: Beyond the Breach,” click here: https://www.mandiant.com/resources/mandiant-reports/.