In this M-Trends 2018 report, we look at some of the latest trends identified during the October 1, 2016 to September 30, 2017 reporting period, as revealed through incident response investigations by Mandiant, a FireEye company.
When it comes to detecting compromises, organizations appear to be getting better at discovering breaches internally, as opposed to being notified by law enforcement or some other outside source. This is important because our data shows that incidents identified internally tend to have a much shorter dwell time. However, the global median dwell time from compromise to discovery is up from 99 days in 2016 to 101 days in 2017. In this year’s report, we explore some longer-term trends, many of which have evolved.
We look at organizations that have been targeted or re-compromised after remediating a previous attack, a topic we first discussed in M-Trends 2013. We also examine the widening cyber security skills gap and the rising demand for skilled personnel capable of meeting the challenges posed by today’s more sophisticated threat actors. We take a detailed look at a Mandiant Red Team Assessment to explore how we leverage sophisticated attacker tactics, techniques and procedures (TTPs) in simulated attacks to show organizations what they need to do to stay ahead of those threats.
We also provide examples of where we saw attackers exploit weaknesses in an organization’s detection and prevention controls. M-Trends 2018 can arm security teams with the knowledge they need to defend against today’s most commonly used cyber attacks, as well as lesser-seen and emerging threats. The information in this report has been sanitized to protect the identities of victims and their data.