FireEye has today announced the release of its annual M-Trends report, which found that attackers are present in EMEA organisations’ networks for a median of 3.5 months before being detected.
The report is based on information gathered during investigations conducted by FireEye’s security analysts in 2016 and uncovers emerging trends and tactics threat actors used to compromise organisations.
According to the report, the median dwell time in EMEA (the length of time a threat actor is present in an environment before being detected) stands at 106 days.
The median dwell time globally is 99 days, which means that EMEA organisations are a week slower to respond than the global median. However, the dwell time in EMEA has decreased significantly from the previous M-Trends report, standing at less than a quarter of the 469 days that were recorded in 2015.
These attackers are now as advanced as state-sponsored hackers who were traditionally much more sophisticated, according to the report.
In 2016, financial attackers moved to custom backdoors with a unique configuration for each compromised system, further increased the resilience of their infrastructure, and employed improved counter-forensic techniques.
The FireEye report also underlined that in 2016 it observed Russian groups trying to influence the US presidential election. The cybersecurity firm noted that there are signs that these groups will target the various upcoming European elections too.
Moreover, the study highlighted that threat actors are causing disruption by trying to gain proprietary information to advance the capabilities of domestic companies. Additionally, cyber threat groups could target European industrial control systems for potentially disruptive or destructive operations.
Finally, the report stated that threat hunting was once a niche skill, but as often happens, those expert skills have become better codified and accessible to less experienced analysts as more training and tooling to support the skill has become available. Threat hunting is now among the most commonly sought skills in defensive security, and the associated training and education markets are shifting to meet this demand.
“In 2016 we saw cyber-attacks spread widely and publicly into areas such as elections and attackers became more sophisticated. By looking at the dropping levels of dwell time we can see that organisations are improving, but there is still much to do as attackers only need a few days to complete their objectives,” said Stuart McKenzie, Vice President of Mandiant, FireEye. “The improvement is down to increased awareness, technical advances and investments in effective resources. Government-enforced schemes like GDPR are also encouraging organisations to get their house in order. However, when compared to the rest of the world, EMEA still lags behind significantly in some areas which boardrooms across the region will have to fix quickly.”