Mandiant, the leader in advanced threat detection and response solutions, today announced the availability of its third annual M-Trends report, M-Trends 2012: An Evolving Threat. The report, which is based on hundreds of advanced threat investigations conducted over the past year, includes analysis, statistics and case studies that highlight how advanced and motivated attackers are stealing sensitive intellectual property and financial assets. The report also shares approaches that organizations can take to improve the way they detect, respond to, and contain complex breaches.
“In nearly a decade of responding to targeted attacks, one thing is constant — attackers will change their tactics as needed to successfully compromise their targets,” said Vice President of Customer Success, Grady Summers, one of the report’s principal authors. “The breadth of companies being targeted is growing and the rate of intellectual property theft is increasing faster than ever. Companies who have made responsible and sustained investments in information technology continue to be compromised.”
Only Six Percent of Organizations Detect Advanced Attackers Via Internal Methods
Targeted attacks continue to evade preventive defenses. Over the last year, the vast majority of organizations – 94 percent – learned they were victims of targeted attacks from an external entity such as law enforcement.
The Typical Advanced Attack Goes Unnoticed for More Than a Year
Once they are inside the victim organization, attackers typically have plenty of time to reach their ultimate objective – whether that’s stealing intellectual property or financial assets. The median number of days from the first evidence of compromise to when the attack was identified was 416 days.
Compromised Organizations Are Increasingly Being Detected During the M&A Cycle
As targeted attacks spread to a wider cross-section of industries, companies are increasingly purchasing compromised assets. Based on Mandiant’s experience, a record number of targeted intrusions were discovered while the victimized organizations were in the process of integrating into their new parent organizations.
Advanced Attackers Are Targeting Multiple Companies across a Supply Chain
Attackers are targeting companies that collaborate within a supply chain in order to assemble a comprehensive intellectual property portfolio. Advanced attackers have learned that gaining full visibility into complex projects requires data from all of the companies that partnered to design or build the targeted project.
Malware Only Tells Half of the Story
Organizations’ investments in malware detection and antivirus capabilities, while effective in detecting characteristics associated with common worms, botnets, and drive-by downloads, do little to help defend against targeted intrusions. Today, advanced attackers often use malware as a means to gain an initial foothold within an organization. After the initial compromise, though, they shift their tactics and use legitimate credentials from compromised accounts to move laterally, create staging sites and exfiltrate data from their victims. Only 54 percent of compromised machines that Mandiant investigated contained malware, while 100 percent of the attacks Mandiant investigated utilized stolen credentials during the intrusion.