Reston-based Mandiant recently issued its M-Trends 2022 report, which reveals a slight acceleration in cyber security threats and solutions, according to the company.
“This year’s M-Trends report reveals fresh insight into how threat actors are evolving and using new techniques to gain access into target environments,” said Jurgen Kutscher, executive vice president, Service Delivery, Mandiant. “While exploits continue to gain traction and remain the most frequently identified infection vector, the report notes a significant increase in supply chain attacks. Conversely, there was a noticeable drop in phishing this year, reflecting organizations’ improved awareness and ability to better detect and block these attempts. In light of the continued increased use of exploits as an initial compromise vector, organizations need to maintain focus on executing on security fundamentals, such as asset, risk and patch management.”
The major report tracks investigation metrics measured between Oct. 1, 2020 and Dec. 31, 2021, detailing the significant progress made in threat detection and response strategies.
One key finding from the report, developed by Mandiant, is that global median dwell time declined to 21 days from 24 in 2020. Dwell time is the median number of days that an attacker is in the target's environment before being detected. Mandiant also reported that it tracked more than 1,100 new threat groups and 733 new malware families during the reporting timeframe. The company continues to see adversaries innovate and adapt to achieve their mission in targeted environments.
“Several trends from previous years continued into 2021. Mandiant encountered more threat groups than any previous period, to include newly discovered groups,” said Sandra Joyce, executive vice president, Mandiant Intelligence, Mandiant. “In a parallel trend, in this period we began tracking more new malware families than ever before. Overall, this speaks to a threat landscape that continues to trend upward in volume and threat diversity.”
Out of the total incidents that Mandiant responded to during the reporting period, 37% started with the exploitation of a security vulnerability, as opposed to phishing, which accounted for only 11%. Supply chain compromises increased dramatically, from less than 1% in 2020 to 17% in 2021.
“We also continue to witness financial gain be a primary motivation for observed attackers, as case studies this year on FIN12 and FIN13 highlight,” Joyce said. “If we pivot to the defender perspective, we see several improvements despite an incredibly challenging threat landscape. As one example, this M-Trends report has the lowest global median dwell time on record. Additionally, APAC and EMEA showed the largest improvements in several threat detection categories compared to previous years.”
In 2021, Mandiant experts found that a quarter of victim environments had more than one distinct threat group. Mandiant observed multifaceted extortion and ransomware attackers using new tactics, techniques and procedures (TTPs) to deploy ransomware rapidly and efficiently throughout business environments. According to its website, the company is known as a market leader in threat intelligence for its work against cyber threats.