Organizations in the EMEA Region Ahead of Asia Pacific Counterparts in Threat Detection

Monday 19 September 2016

Dubai - MENA Herald: FireEye, Inc., the leader in stopping today's advanced cyberattacks, recently announced the release of the 2016 Mandiant M-Trends report for the Asia Pacific region. Conducted by Mandiant’s leading consultants, the report provides knowledge of unique, region-specific challenges so that organizations can improve their security posture and better defend networks against sophisticated, well-funded and relentless advanced attackers.
The Asia Pacific report follows from the 2016 Mandiant M-Trends report for Europe, Middle East and Africa announced earlier this year and drills down into the statistics collected during investigations conducted in EMEA.
Based on regional observations mapped across the two reports, FireEye now reveals a comparative analysis of the two regions from a threat landscape and readiness perspective.
APAC vs EMEA Comparative:
Threat Detection: The median dwell time (time between compromise and detection) in the Asia Pacific region was 520 days – 51 days higher than the EMEA median of 469 days.

Information Stolen: The majority of attacks in the APAC region observed by Mandiant consultants targeted email (40%), sensitive documents (20%), infrastructure documents (20%) and personally identifiable information (PII) (20%). In the EMEA region, attacks were largely concentrated on acquiring database content (19%) followed by infrastructure documents (18%) and intellectual property (18%).

Data Loss: On average, Mandiant incident investigations found that each compromised organization in APAC lost 3.7 GB of data to cyberattacks; in EMEA, the average was 2.6 GB per organization.

Internal vs. External Detection: Mandiant investigations in APAC revealed the region to be split almost equally, with 45% of incidents discovered internally and 55% of notifications coming from external sources. In EMEA, organizations predominantly rely on internal detection capabilities (88%) and rarely receive breach notifications from third parties (12%).

Ability to Detect Compromise: The APAC report reveals that few organizations in APAC have the right combination of intelligence, technology and expertise to establish and maintain strong internal detection systems. In contrast, the EMEA report showed that few organizations have their own threat intelligence and therefore are dependent on technology for detection.

Persistence Mechanisms: Mandiant investigators observed a range of mechanisms used by attackers to maintain long-term access to compromised environments across both APAC and EMEA organizations. Some of the more common mechanisms are malicious backdoors, web shells and virtual private network (VPN) access.
Additional Highlights:
Some attacker tools were used to almost exclusively target organizations within the APAC region
An example of this is APT30. In April 2015, it was discovered that APT30, a suspected China-based threat group that has exploited the networks of governments and organizations across the APAC region, was targeting highly sensitive political, economic and military information. The group appeared to have operated uninterrupted for at least a decade and likely had little reason to change its operating methods because it was not detected.

An average of 10 authorized user accounts and three authorized administrator-level accounts in APAC were compromised during a breach
In APAC, attackers used legitimate accounts to blend into the environment — and go undetected — while attempting to complete their nefarious tasks. In EMEA, Mandiant Consulting observed that attackers used an average of 37 user accounts and seven administrator-level accounts during a compromise.
“The Mandiant M-Trends report evidences the steady evolution and advancement of attackers. The stark differences between observations reported in the APAC and EMEA regions reveal how cyber attackers are employing diverse, well-thought-out approaches, designed to leverage the varied state and understanding of cybersecurity in different parts of the world,” said Stuart Davis, Director of Mandiant Services at FireEye. “Organizations must understand that cyberthreat actors are a global problem and are increasingly operating with impunity, unconcerned with frontiers and regulations. The rise of APTs, along with an expansion in their activities, should also be noted by modern-day organizations, and dealt with accordingly. It’s important to adopt a behavioral analysis detection approach to identify high-risk security threats such as APTs, since signature detection will only find known threats. Whether in EMEA or APAC, organizations must invest in enhancing their overall security posture — investing in the right people, processes and technology to improve incident detection and response capabilities.”
