FireEye Mandiant M-Trends 2021: Report provides global statistics and insights from hundreds of different hacker attacks: Average dwell time drops below a month worldwide; the ability to detect threats is improving; the proportion of ransomware continues to rise.
FireEye, Inc., the intelligence-based security company, today released the FireEye Mandiant M-Trends Report 2021. The M-Trends report, which is now being published for the twelfth time, combines cybersecurity expertise with threat intelligence and provides statistics and insights from the latest Mandiant deployments worldwide.
This year's report provides details on the latest attack techniques and malware, the spread of multi-layered extortion and ransomware, preparation for expected UNC2452 / SUNBURST copycat attackers, growing insider threats, and pandemic and industry-related trends. Further findings are summarized below.
Attack detection time is reduced for the first time
Over the past decade, Mandiant has seen a steady decrease in the average dwell time (defined as the length of time between the first sign of a cyber attack and its identification). In 2020, cyberattacks were detected within an average of 24 days. Compared to the average dwell time of 56 days in the previous year, identification was twice as fast. Mandiant attributes this improvement to the constant evolution and improvement of corporate intelligence and responsiveness that came with the rise of multifaceted extortion and ransomware attacks.
The average dwell time developed differently depending on the region. In North, Central and South America, the dwell time continued to decrease. The average dwell time for internally discovered incidents has improved the most on the American continent and has fallen from 32 days to just nine days. This is the first time a region has slipped into single digits. In APAC and EMEA, however, the average dwell time increased. According to the Mandiant experts, this is because there were more attacks with a dwell time of more than three years compared to North, Central and South America.
Internal detections are increasing
While the previous year's report found a decrease in internal detection of attacks compared to the year before, the experts at Mandiant now observed a resurgence of companies that were able to detect most of the incidents themselves. Internal incident detection increased to 59 percent in 2020, up 12 percentage points from 2019. The return to the ability of organizations to self-detect attacks on their environments is in line with the general trend observed by Mandiant over the past five years.
Internal detection increased in all regions compared to the previous year. Companies in North, Central and South America led this development with 61 percent, closely followed by EMEA and APAC with 53 percent and 52 percent respectively. In comparison, companies in APAC and EMEA received more reports of compromise from outside parties than companies in the Americas.
Attacks on retail, hospitality and healthcare
The top five industries attacked are, in that order, business and professional services, retail and hospitality, finance, healthcare, and high technology.
Mandiant's experts observed that retail and hospitality companies were more targeted by attackers in 2020 - they ranked second among the most attacked industries compared to 11th in the previous year's report. Healthcare also saw a significant increase, making it the third most attacked industry in 2020, up from eighth place in last year's report. This increased interest from hacking groups can likely be explained by the important role the health sector played during the global pandemic. The full FireEye Mandiant M-Trends 2021 report in PDF format can be read or downloaded for free and without registration.