FireEye, a mainstream cybersecurity consulting firm, has released their yearly M-Trends report, the 2019 edition features the malware trends for 2018 which will help shape the direction of the antivirus industry for the current year. If it can be summarized into just 1-word, that word is “persistence.” Threat actors, including that backed-up by nation-states, are keeping their cyber warfare campaigns well funded and well operated. Industries that were targeted for the past two years, like the banking sector, the retail sector, and the healthcare sectors are expected to be targeted this year.
Regardless of the changing global geopolitics due to political events and political announcements of the heavyweights, their digital counterparts – the nation funded threat actors are working hard in the background. With their sponsor-states’ interest in mind, funds are flowing like the Nile River, with strong potential of interrupting normal operations of vulnerable servers on the global scale. FireEye researchers are determined to unlock the mysteries behind the operations of these hidden state-sponsored threat actors, however, it is a common fact for everyone in the cybersecurity industry that we have not seen the worst yet.
The problem on all of these is the non-readiness of many organizations, both public and private with the current trend of cyber attacks. There are storage areas that remain insecure, uses unhashed password databases and cloud storage setups that are using weak passwords, plus the lack of 2-factor authentication during the login procedures. As more people migrate from traditional desktop apps to web apps (including BYOD-based apps), the attacks targeting telecommunication and cloud services become more compelling.
Using a measuring device FireEye defined as “Dwell time”, the reports show the number of days that the threat actor is covertly operating inside the network of their victim, evading detection. Globally, this somewhat good news, as the Dwell time stands at 78 for 2018. That means on average; threat actors are in the foreign system for 78 days. This is far lower compared to 101 days recorded in 2017. The American continents (North and South Americas) have a median dwell time of 71 days, a marginal improvement from 2017’s record of 75.5 days. This is in contrast to the situation in the Eastern Mediterranean and European regions which saw an average of 177 days of infiltration, compared to 175 in 2017. The Asia Pacific region recorded the best improvement of dwell time compared to 2017, the rating of 498 days improved to just 204 days for 2018. Though a huge improvement, the Asia Pacific region still holds the longest time hackers are infiltrating the systems without being detected.
FireEye emphasized that that being randomly targeted is not the most worry about organizations these days, but rather being deliberately targeted. The cybersecurity firm enumerated the most targeted industries and sectors for 2019
- Finance
- Health
- Retail and hospitality
- Telecommunications
- Pharmaceutical
- IT
- Industrial
- Government
- Food and Beverages
- Energy
- Education
- Defense Industrial Base
- Minding
- Media
- Manufacturing
- Legal
“Organizations are getting better at discovering compromises internally, as opposed to being notified by external sources. In 2018, almost 60% of compromises were internally detected. Though down slightly from the 62% internal detection rate in 2017, this remains a significant improvement from 2014, when only 31% of compromises were internally detected,” explained in the report.