Call it unstoppable, unpredictable, or even (on many occasions) unmanageable, cybersecurity is a perennially developing story; a landscape that changes with every passing day. Many of these changes reflect how the dynamics of business are changing. A couple of years ago, who would have imagined that the majority of humanity would come to a grinding halt and that almost 100% of people would be forced to work remotely? Most predictions failed and things took a very strange turn. Threat actors, hackers and cybercriminals took advantage of this situation and increased their activities. This resulted in a massive increase in cyberattacks, both in frequency and in velocity. Be it ransomware, phishing, DDoS, or any other form of attack or breach, everything was on an upswing. Another very noticeable and disturbing trend was the exploitation of software supply chains. A massive increase in supply chain attacks, which began with the SolarWinds attack, continues to stun the world even today.
The modern threat landscape has some typical and some rare nuances. Cyber attacks related to the conflict in Ukraine have no precedent and have been surging for months now. Critical and pervasive vulnerabilities such as “Log4Shell” have led to massive risk because patching them is complex. Cyber criminals are conducting sophisticated ransomware and extortion operations at a rising tempo.
In April 2022, Mandiant (earlier a FireEye company, now acquired by Google) came out with the 12th edition of its M-Trends report.
The report, among other things, highlighted that the Global Median Dwell Time (the time from compromise to discovery) is now 21 days — down from 24 days in the previous reporting period.
“A three-week GMDT is a great milestone; however, a determined attacker only needs a few days to reach their objective, so organizations must remain vigilant and ready to respond,” the report warns.
“Across the board, there was an increase in external notification of intrusions in 2021 compared to 2020. However, awareness of most intrusions continues to come about through internal detections. The percentage of intrusions detected internally has maintained a gradual upwards trend with moderate fluctuation over the last six years,” the report says.
M-Trends 2022 contains a lot of insights and guidance that the cyber security industry needs today, including:
- Linux Malware Uptick: Newly tracked malware families effective on Linux increased to 11% in 2021 compared to 8% in 2020. Further, observed malware families effective on Linux increased to 18% in 2021 from 13% in 2020.
- More Threats: We started tracking over 1,100 new threat actors and over 700 new malware families in the past year, and there is no indication that this trend will slow down anytime soon.
- Ransomware Targeting: Financially motivated attackers are increasingly targeting virtualization environments with ransomware, and there are strategies that can be implemented to mitigate risk.
- Multiple Threat Actors at Work: Whether working separately or together, more than one distinct threat group was identified in an environment for a quarter of our investigations—a trend we expect to see increase.
- Mining a Little Deeper: The deployment of cryptocurrency coin miners by one financially motivated threat group led to the discovery of two nation-state actors in the same environments, highlighting the need for properly scoped investigations.
- Misconfiguration Mitigations: We observed various compromises due to misconfigurations when using on-premises Active Directory with Azure Active Directory to achieve a single integrated identity solution.
DynamicCISO (an ISMG Initiative) spoke to Amit Pradhan, Director for India, SAARC & Japan at Mandiant, on a range of issues, more specifically to seek detailed answers on the M-Trends 2022 report. During this conversation Amit shed light on the following key areas:
- Why the Global Median Dwell Time has come down drastically
- The rise in supply chain attacks and how CISOs can safeguard their organisations
- New malware families and the challenges for enterprise security teams
- Nation-state attacks and the reasons to worry
- A playbook for CISOs to strengthen their security posture
Listen in to this 30-minute conversation.