Global median dwell time continues to decline;
however, a significant number of new threat groups and malware
families have emerged
Mandiant, Inc. (NASDAQ: MNDT) today announced the findings of
Mandiant® M-Trends® 2022, an annual report that
provides timely data and insights based on Mandiant frontline
investigations and remediations of high-impact cyber attacks
worldwide. The 2022 report––which tracks investigation metrics
between October 1, 2020 and December 31, 2021—reveals that while
significant progress has been made in threat detection and
response, Mandiant continues to see adversaries innovate and adapt
to achieve their mission in targeted environments.
Global Median Dwell Time Drops to Three Weeks
According to the M-Trends 2022 report, the global median dwell
time––which is calculated as the median number of days an attacker
is present in a target’s environment before being
detected––decreased from 24 days in 2020 to 21 days in 2021.
Digging deeper, the report notes that the APAC region saw the
biggest decline in median dwell time, dropping to just 21 days in
2021 compared to 76 days in 2020. Median dwell time also fell in
EMEA, down to 48 days in 2021 compared to 66 days the year before.
In the Americas, median dwell time stayed steady at 17 days.
When comparing how threats were detected across different
regions, the report found that in EMEA and APAC, the majority of
intrusions in 2021 were identified by external third parties (62%
and 76%, respectively), a reversal of what was observed in 2020. In
the Americas, the detection by source remained constant with most
intrusions detected internally by organizations themselves
(60%).
Organizations’ improved threat visibility and response as well
as the pervasiveness of ransomware––which has a significantly lower
median dwell time than non-ransomware intrusions––are likely
driving factors behind reduced median dwell time, per the
report.
New Threats Emerge as China Ramps Up Espionage
Activity
Mandiant continues to expand its extensive threat knowledge base
through frontline investigations, access to the criminal
marketplace, security telemetry and the use of proprietary research
methods and datasets, analyzed by more than 300 intelligence
professionals across 26 countries. As a result of relentless
information gathering and analysis, Mandiant experts began tracking
1,100+ new threat groups during this M-Trends reporting period.
Mandiant also began tracking 733 new malware families, of which 86%
were not publicly available, continuing the trend of availability
of new malware families being restricted or likely privately
developed, according to the report.
M-Trends 2022 also notes a realignment and retooling of China
cyber espionage operations to align with the implementation of
China’s 14th Five-Year Plan in 2021. The report warns that the
national-level priorities included in the plan “signal an upcoming
increase in China-nexus actors conducting intrusion attempts
against intellectual property or other strategically important
economic concerns, as well as defense industry products and other
dual-use technologies over the next few years.”
Strengthening Security Posture
Mandiant remains committed to helping organizations remain
secure from cyber threats and build confidence in their cyber
defense readiness. To support this mission, Mandiant provides risk
reduction tips throughout the M-Trends report, including mitigating
common misconfigurations when using on-premises Active Directory,
certificate services, virtualization platforms and cloud-based
infrastructure. The report also reinforces considerations to
support proactive security programs, reiterating the importance of
long-standing security initiatives such as asset management, log
retention policies and vulnerability and patching management.
To further support community and industry efforts, Mandiant
continuously maps its findings to the MITRE ATT&CK framework,
mapping an additional 300+ Mandiant techniques to the framework in
2021. The M-Trends report notes that organizations should
prioritize which security measures to implement based on the
likelihood of specific techniques being used during an intrusion.
According to the report, by examining the prevalence of technique
usage during recent intrusions, organizations are better equipped
to make intelligent security decisions.
Additional takeaways from M-Trends 2022 Report include:
- Infection Vector: For the second year in a row, exploits
remained the most frequently identified initial infection vector.
In fact, of the incidents that Mandiant responded to during the
reporting period, 37% started with the exploitation of a security
vulnerability, as opposed to phishing, which accounted for only
11%. Supply chain compromises increased dramatically, from less
than 1% in 2020 to 17% in 2021.
- Target industries impacted: Business and professional
services and financial were the top two industries targeted by
adversaries (14%, respectively), followed by healthcare (11%),
retail and hospitality (10%) and tech and government (both at
9%).
- New Multifaceted Extortion and Ransomware TTPs: Mandiant
observed multifaceted extortion and ransomware attackers using new
tactics, techniques and procedures (TTPs) to deploy ransomware
rapidly and efficiently throughout business environments, noting
that the pervasive usage of virtualization infrastructure in
corporate environments has made it a prime target for ransomware
attackers.
Executive Quotes
“This year’s M-Trends report reveals fresh insight into how
threat actors are evolving and using new techniques to gain access
into target environments. While exploits continue to gain traction
and remain the most frequently identified infection vector, the
report notes a significant increase in supply chain attacks.
Conversely, there was a noticeable drop in phishing this year,
reflecting organizations’ improved awareness and ability to better
detect and block these attempts. In light of the continued
increased use of exploits as an initial compromise vector,
organizations need to maintain focus on executing on security
fundamentals––such as asset, risk and patch management.” – Jurgen
Kutscher, Executive Vice President, Service Delivery, Mandiant
“Multifaceted extortion and ransomware continue to pose huge
challenges for organizations of all sizes and across all
industries, with this year’s M-Trends report noting a specific rise
in attacks targeting virtualization infrastructure. The key to
building resilience lies in preparation. Developing a robust
preparedness plan and well-documented and tested recovery process
can help organizations successfully navigate an attack and quickly
return to normal business operations.” – Jurgen Kutscher, Executive
Vice President, Service Delivery, Mandiant
“Chinese cyber espionage activity ramped up significantly in
recent years, with Asia and the U.S. remaining the most targeted
regions. This year’s M-Trends report notes a specific focus on
government organizations as well as the use of the same malware
families among multiple cyber espionage actor sets, likely due to
resource and tool sharing by disparate groups. Further, with the
implementation of China’s 14th Five-Year Plan in 2021, we expect to
see cyber espionage activity continue to accelerate in support of
China’s national security and economic interests over the next few
years.” – Charles Carmakal, Senior Vice President and Chief
Technology Officer, Mandiant
"Several trends from previous years continued into 2021.
Mandiant encountered more threat groups than any previous period,
to include newly discovered groups. In a parallel trend, in this
period we began tracking more new malware families than ever
before. Overall, this speaks to a threat landscape that continues
to trend upward in volume and threat diversity. We also continue to
witness financial gain be a primary motivation for observed
attackers, as case studies this year on FIN12 and FIN13 highlight.
If we pivot to the defender perspective, we see several
improvements despite an incredibly challenging threat landscape. As
one example, this M-Trends report has the lowest global media dwell
time on record. Additionally, APAC and EMEA showed the largest
improvements in several threat detection categories compared to
previous years." – Sandra Joyce, Executive Vice President, Mandiant
Intelligence, Mandiant
M-Trends 2022 Methodology:
The metrics reported in M-Trends 2022 are based on Mandiant
investigations of targeted attack activity conducted between
October 1, 2020 and December 31, 2021. The information gleaned has
been sanitized to protect the identities of targets and their
data.
Resources:
- M-Trends 2022 Report: https://www.mandiant.com/m-trends
- Blog: https://www.mandiant.com/resources/m-trends-2022
- M-Trends 2022 Virtual Summit:
https://www.brighttalk.com/summit/5120-m-trends-virtual-summit/
- Defender’s Advantage Podcast:
https://www.mandiant.com/resources/podcasts/defenders-advantage/m-trends-2022
About Mandiant, Inc.
Since 2004, Mandiant has been a trusted partner to
security-conscious organizations. Effective security is based on
the right combination of expertise, intelligence, and adaptive
technology, and the Mandiant Advantage SaaS platform scales decades
of frontline experience and industry-leading threat intelligence to
deliver a range of dynamic cyber defense solutions. Mandiant’s
approach helps organizations develop more effective and efficient
cyber security programs and instills confidence in their readiness
to defend against and respond to cyber threats.
Join the conversation. Follow us on Twitter, LinkedIn, Facebook,
and YouTube.
© 2022 Mandiant, Inc. All rights reserved. Mandiant and M-Trends
are registered trademarks of Mandiant, Inc. in the United States
and other countries. All other brands, products, or service names
are or may be trademarks or service marks of their respective
owners.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20220419005242/en/
Media Media.Relations@Mandiant.com
Investors Investor.Relations@Mandiant.com
Mandiant (NASDAQ:MNDT)
Historical Stock Chart
From Jun 2024 to Jul 2024
Mandiant (NASDAQ:MNDT)
Historical Stock Chart
From Jul 2023 to Jul 2024