FireEye has released the 2016 Mandiant M-Trends Report, which reviews the cyberattacks it responded to throughout 2015 and highlights trends witnessed during the investigations.
This year’s report contains background on a number of emerging trends which include:
- The rise of business disruption attacks, where attackers destroyed critical systems, leaked confidential data, held companies for ransom and taunted executives (it also includes real-world examples of investigations into these attacks)
  - In particular, Mandiant has seen a rise in extortion attacks where attackers have deliberately targeted an organisation, stolen data, reviewed and understood its value, and demanded a ransom from the victim organisation commensurate with that value
  - While commodity ransomware attacks have been on the rise, the payment demanded is usually only a few hundred dollars, whereas targeted extortion attacks have resulted in seven-figure ransoms
- Organisations increasingly turning to ‘Redteaming’ to test their environments for vulnerabilities
  - Redteaming is targeted testing, with threat simulations designed to emulate real-world advanced attacks beyond the capabilities of traditional vulnerability assessments and penetration tests
- An increasing number of Chinese threat actors targeting Personally Identifiable Information (PII). The volume of PII stolen indicated that the target was all available PII, not just that of specific individuals. In previous years, there were one-off instances of PII theft occurring as a by-product of larger data theft operations, but last year this information emerged as the primary goal of attacks
Additionally, the report includes:
- A breakdown of the industries most targeted – High Tech (11%) and Business and Professional Services (10%)
- A comparison of breach notification sources – External (53%) and Internal (47%)
- The frequency of daily spearphishing attacks – Wednesday was the highest with 29%, Sunday was the lowest with 0%.