ChannelLife Australia logo
Industry insider news for Australia's technology resellers
Story image

Attackers innovate, adapt to achieve mission - report

By Shannon Williams
Fri 22 Apr 2022

While significant progress has been made in threat detection and response, adversaries are continuing to innovate and adapt to achieve their mission in targeted environments, according to a new report from Mandiant.

Mandiant has released the findings of Mandiant M-Trends 2022, an annual report that provides timely data and insights based on Mandiant frontline investigations and remediations of high-impact cyber attacks worldwide.

"This year's M-Trends report reveals fresh insight into how threat actors are evolving and using new techniques to gain access into target environments," says Jurgen Kutscher, executive vice president, service delivery, Mandiant. 

"While exploits continue to gain traction and remain the most frequently identified infection vector, the report notes a significant increase in supply chain attacks," he says. 

"Conversely, there was a noticeable drop in phishing this year, reflecting organisations improved awareness and ability to better detect and block these attempts," says Kutscher. 

"In light of the continued increased use of exploits as an initial compromise vector, organisations need to maintain focus on executing on security fundamentals, such as asset, risk and patch management.

"Multifaceted extortion and ransomware continue to pose huge challenges for organisations of all sizes and across all industries, with this year's M-Trends report noting a specific rise in attacks targeting virtualisation infrastructure," he says. 

"The key to building resilience lies in preparation. Developing a robust preparedness plan and well-documented and tested recovery process can help organisations successfully navigate an attack and quickly return to normal business operations."

Global Median Dwell Time Drops to Three Weeks

According to the report, the global median dwell time, which is calculated as the median number of days an attacker is present in a targets environment before being detected, decreased from 24 days in 2020 to 21 days in 2021. Digging deeper, the report notes that the APAC region saw the biggest decline in median dwell time, dropping to just 21 days in 2021 compared to 76 days in 2020. Median dwell time also fell in EMEA, down to 48 days in 2021 compared to 66 days the year before. In the Americas, median dwell time stayed steady at 17 days.

When comparing how threats were detected across different regions, the report found that in EMEA and APAC, the majority of intrusions in 2021 were identified by external third parties (62% and 76%, respectively), a reversal of what was observed in 2020. In the Americas, the detection by source remained constant with most intrusions detected internally by organisations themselves (60%).

Organisations improved threat visibility and response as well as the pervasiveness of ransomware, which has a significantly lower median dwell time than non-ransomware intrusions, are likely driving factors behind reduced median dwell time, per the report.

New Threats Emerge as China Ramps Up Espionage Activity

Mandiant continues to expand its extensive threat knowledge base through frontline investigations, access to the criminal marketplace, security telemetry and the use of proprietary research methods and datasets, analysed by more than 300 intelligence professionals across 26 countries. As a result of relentless information gathering and analysis, Mandiant experts began tracking 1,100+ new threat groups during this M-Trends reporting period. Mandiant also began tracking 733 new malware families, of which 86% were not publicly available, continuing the trend of availability of new malware families being restricted or likely privately developed, according to the report.

M-Trends 2022 also notes a realignment and retooling of China cyber espionage operations to align with the implementation of Chinas 14th Five-Year Plan in 2021. The report warns that the national-level priorities included in the plan signal an upcoming increase in China-nexus actors conducting intrusion attempts against intellectual property or other strategically important economic concerns, as well as defense industry products and other dual-use technologies over the next few years.

Strengthening Security Posture

Mandiant remains committed to helping organisations remain secure from cyber threats and build confidence in their cyber defense readiness. To support this mission, Mandiant provides risk reduction tips throughout the M-Trends report, including mitigating common misconfigurations when using on-premises Active Directory, certificate services, virtualisation platforms and cloud-based infrastructure. The report also reinforces considerations to support proactive security programs, reiterating the importance of long-standing security initiatives such as asset management, log retention policies and vulnerability and patching management.

To further support community and industry efforts, Mandiant continuously maps its findings to the MITRE ATTACK framework, mapping an additional 300+ Mandiant techniques to the framework in 2021. The M-Trends report notes that organisations should prioritise which security measures to implement based on the likelihood of specific techniques being used during an intrusion. According to the report, by examining the prevalence of technique usage during recent intrusions, organisations are better equipped to make intelligent security decisions.

Charles Carmakal, senior vice president and chief technology officer, Mandiant, adds, "Chinese cyber espionage activity ramped up significantly in recent years, with Asia and the U.S. remaining the most targeted regions. 

"This year's M-Trends report notes a specific focus on government organisations as well as the use of the same malware families among multiple cyber espionage actor sets, likely due to resource and tool sharing by disparate groups," he says. 

"Further, with the implementation of Chinas 14th Five-Year Plan in 2021, we expect to see cyber espionage activity continue to accelerate in support of Chinas national security and economic interests over the next few years."

Sandra Joyce, executive vice president, Mandiant Intelligence, Mandiant, adds, "Several trends from previous years continued into 2021. 

"Mandiant encountered more threat groups than any previous period, to include newly discovered groups. In a parallel trend, in this period we began tracking more new malware families than ever before," she says. 

"Overall, this speaks to a threat landscape that continues to trend upward in volume and threat diversity. We also continue to witness financial gain be a primary motivation for observed attackers, as case studies this year on FIN12 and FIN13 highlight. 

"If we pivot to the defender perspective, we see several improvements despite an incredibly challenging threat landscape. As one example, this M-Trends report has the lowest global media dwell time on record. 

Additionally, APAC and EMEA showed the largest improvements in several threat detection categories compared to previous years." 

Additional takeaways from M-Trends 2022 Report include:

  • Infection Vector: For the second year in a row, exploits remained the most frequently identified initial infection vector. In fact, of the incidents that Mandiant responded to during the reporting period, 37% started with the exploitation of a security vulnerability, as opposed to phishing, which accounted for only 11%. Supply chain compromises increased dramatically, from less than 1% in 2020 to 17% in 2021.
  • Target industries impacted: Business and professional services and financial were the top two industries targeted by adversaries (14%, respectively), followed by healthcare (11%), retail and hospitality (10%) and tech and government (both at 9%).
  • New Multifaceted Extortion and Ransomware TTPs: Mandiant observed multifaceted extortion and ransomware attackers using new tactics, techniques and procedures (TTPs) to deploy ransomware rapidly and efficiently throughout business environments, noting that the pervasive usage of virtualisation infrastructure in corporate environments has made it a prime target for ransomware attackers.
     
Related stories
Top stories
Story image
Hawaiki Cable
BW Digital completes acquisition of Hawaiki Submarine Cable
BW Digital has completed its full acquisition of Hawaiki Submarine Cable, with all applicable regulatory filings and approvals now received.
Story image
Adyen
Adyen expands partnership with Afterpay as BNPL payments increase
Adyen has expanded its partnership with AfterPay allowing more of Adyen’s merchants in more countries worldwide to use the BNPL provider.
Story image
SaaS
Atturra partners with Focus HQ to support Aus organisations
Atturra has executed a partnership agreement with Focus HQ, to resell and support the company's Australian developed SaaS-based portfolio management platform.
Story image
Review
Hands-on review: MSI MPG Z690 Carbon WIFI motherboard
It’s all change with Intel’s 12th generation CPUs. We have a new chipset in the 600-series, a new socket with the LGA 1700, and new DDR5 memory.
Story image
Ransomware
Zerto unveils updates to ransomware recovery capabilities
"Organisations face increased risks from the volume and sophistication of ransomware attacks prevalent today."
Story image
Artificial Intelligence
ANU and Seeing Machines to use AI to improve driver safety
The Australian National University and Seeing Machines have won a grant to develop AI systems monitor human behaviour while driving.
Story image
D-Link
D-Link launches new G415 Smart Router as part of EAGLE PRO AI range
D-Link A/NZ has announced the launch of its new G415 AX1500 4G Smart Router as part of the new EAGLE PRO AI Series.
Story image
Jabra
Jabra reveals its latest portable headset Engage 55
Jabra has launched the Engage 55, the newest product in Jabra's Engage series designed for ultimate call security and quality.
Story image
Wireless
Sony to bring new 1000X series WH-1000XM5 headphones to the market
Sony has announced the newest edition of its award-winning wireless headphones, with the 1000X series WH-1000XM5 noise-cancelling model.
Story image
Malware
Use of malware, botnets and exploits expands in Q1 2022
"As zero-day attacks and other vulnerabilities among companies like Google and Microsoft come to light, threat actors are quickly adjusting their tactics."
Story image
Firewall
Sophos named Gartner Peer Insights Customers Choice for network firewalls
The company earned the highest overall customer rating among vendors with at least 150 verified customer reviews.
Story image
Red Hat
Red Hat expands capabilities to provide streamlined application development in cloud
"Application development is undergoing significant change and developers need tools to support this transformation."
Story image
Hybrid Cloud
Hewlett Packard Enterprise hosts Channel Reignite sessions
Hewlett Packard Enterprise (HPE) hosted its HPE Channel Reignite sessions in Sydney and Melbourne last month to reconnect with the channel partner community.
Story image
Tech job moves
Tech job moves - Datacom, Micro Focus, SnapLogic and VMware
We round up all job appointments from May 6-12, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Open banking
A look at the rewards and risks of open banking - report
RiskBusiness says its report on open banking finds that while it holds much potential, financial services firms need to ensure they have robust, risk processes.
Story image
Gaming
Mastercard users can now use rewards points in gaming
Mastercard has launched Mastercard Gamer Xchange (MGX), allowing APAC consumers to convert their rewards points into gaming currency.
Story image
Malware
Sharp increase in phishing as cybercriminals leverage SEO to lure victims
"Malware lurking everywhere, from cloud apps to search engines, leaving organisations at greater risk than ever before."
Story image
Artificial Intelligence
Google to enter the smartwatch market with the Google Pixel Watch
Google has provided a first look at its new Google Pixel Watch, which is set to make an entry into the competitive smartwatch market.
Story image
Logistics
TeamViewer and SAP combine AR and warehouse operations
TeamViewer combines its AR platform, Frontline, with SAP's Extended Warehouse Management solution, to make warehouse and logistics operations more efficient.
Story image
Mobility
Hands-on review: STM laptop bags
The advent of hybrid working has meant we need laptop bags. We got our hands on two of the most popular laptop bags from STM.
Story image
Manufacturing
$1 million in cyber skills to stop $100 million in cybercrime
"It is important that the next generation across all industries, including manufacturing, are skilled in cybersecurity."
Story image
Training
Fortinet training edges toward closing cybersecurity gap
The Fortinet Training Institute has made significant progress in closing the cybersecurity skills gap, on track to train one million people by 2026.
Story image
Review
Hands-on review: Amazon Kindle Paperwhite Signature Edition
In almost every respect it works like a book, apart from the fact that it weighs next to nothing, fits in my hand perfectly, and is soothing on my eyes.
Story image
Artificial Intelligence
Updates from Google Workspace set to ease hybrid working troubles
Google Workspace has announced a variety of new features which will utilise Google AI capabilities to help make hybrid working situations more efficient and effective.
Story image
Wireless
Hands-on review: Technics EAH-A800 Noise Cancelling Wireless Headphones
Designed in Osaka, Japan, these headphones just exude quality. They aren’t heavy, but they feel well built and solid.
Story image
Fastly
Fastly named 2022 Gartner Peer Insights Customers’ Choice
Fastly has announced it has been named a Customers' Choice in the 2022 Gartner Peer Insights "Voice of the Customer": Global CDN.
Story image
Wasabi Technologies
Wasabi opens new cloud storage in Australia with Equinix
Wasabi Technologies has opened a new hot cloud storage region in Sydney, Australia, using Equinix services. This is the company's 12th global storage region.
Story image
Hybrid Cloud
Red Hat and Accenture expand alliance for hybrid cloud
Red Hat and Accenture have announced the expansion of their partnership, collaborating on new offerings to assist businesses in their cloud continuum operations.
Story image
Poly
Poly introduces new smart devices and announces Amazon e-store in Australia
Poly is introducing two new pro-grade devices to the market and announcing its first official Australian e-store on Amazon.
Story image
Fortinet
Fortinet sees 34% revenue increase in latest financial results
Fortinet has released its financial results for the first quarter ended March 31, 2022, seeing a total revenue increase of 34.4% compared to the same quarter last year.
Story image
Tech Data
Tech Data to use Pluribus Networks’ cloud solutions in APAC
Tech Data says using Pluribus Networks' Unified Cloud Fabric solution will be a "game-changer" for its data center infrastructure customers and partners.
Story image
Ransomware
Cybersecurity starts with education
In 2021, 80% of Australian organisations responding to the Sophos State of Ransomware study reported being hit by ransomware. 
Story image
Cybersecurity
HackerOne launches Attack Resistance Management solution
HackerOne has launched Attack Resistance Management - a new category of security solution that targets the root causes of the attack resistance gap. 
Story image
Application Performance Monitoring / APM
Why SolarWinds Partners will have big wins in 2022
We summarise the key recent changes that the monitoring software vendor has made to accelerate its channel business.
Story image
Corsair
Hands-on review: Corsair 32GB Vengeance 5200MHz DDR5 DRAM kit
Corsair’s Vengeance 5200MHz DDR5 DRAM offers PC users an entry-level upgrade to the new memory standard allowing them to get a little bit more out of their new Alder Lake CPUs.
Story image
Microsoft
Microsoft unveils adaptive accessories for disability access
Microsoft is introducing an expansive Inclusive Tech Lab to give people with disabilities greater access to technology through new software features and adaptive accessories.
Story image
Data
Aussie data & analytic execs not confident in data strategy
Less than half of Australian data and analytics leaders are confident in their data strategy as siloes and lack of culture prevent innovation.
Story image
Telstra
Telstra and Silver Trak Digital delivers 5G to the cinemas
Telstra and Silver Trak Digital say they've launched Australia's fastest and most secure delivery of content over 5G for cinemas.
Story image
Ransomware
Ingram Micro Cloud adds Bitdefender solutions to marketplace
Ingram Micro Cloud has announced the expanded availability of Bitdefender solutions on the Ingram Micro Cloud Marketplace.
Story image
Application Security
What are the DDoS attack trend predictions for 2022?
Mitigation and recovery are vital to ensuring brand reputation remains solid in the face of a Distributed Denial of Service (DDoS) attack and that business growth and innovation can continue.
Story image
Manufacturing
HINDSITE wins Aerospace Xelerated Pitch Challenge with solution to support Boeing
Brisbane-based startup HINDSITE was the winner of the first ever Pitch Challenge organised by Aerospace Xelerated in partnership with Queensland XR Hub. 
Story image
Microsoft
Avaya expands Microsoft partnership to deliver OneCloud on Azure
The joint technology and go to market agreement will help customers accelerate their digital transformation initiatives in the cloud.
Story image
Phishing
Google reveals new safety and security measures for users
Google's new measures include automatic two step verification, virtual cards and making it easier to remove contact information on Google Search results.
Story image
Sift
Sift shares crucial advice for preventing serious ATO breaches
Are you or your business struggling with Account Takeover Fraud (ATO)? One of the latest ebooks from Sift can provide readers with the tools and expertise to help launch them into the new era of account security.