ALEXANDRIA, Va. -- Mandiant, the leader in security incident response management, today announced the availability of its fourth annual M-Trends report, M-Trends 2013: Attack the Security Gap™. The report, compiled from Mandiant’s advanced threat investigations during the last year, details the tactics used by threat actors to compromise organizations and steal data. The report also highlights incident response best practices employed by organizations that are most successful in combating advanced attackers. This year’s M-Trends also includes an overview of the APT1 threat group and a link to more than 3,000 technical indicators that Mandiant has provided to organizations so they can bolster their defenses.
“We’ve seen first-hand that a sophisticated attacker can breach any network given enough time and determination,” said Grady Summers, Mandiant vice president and one of the report’s contributing authors. “It’s not enough for companies to ask ‘Are we secure?’ They need to be asking 'How do we know we're not compromised today? How would we know? What would we do about it if we were?'”
Some of the report’s highlights include:
Nearly two-thirds of organizations learn they are breached from an
Targeted attacks continue to evade preventive defenses, but organizations are getting better at discovering them on their own. Still, a full 63 percent of victims were made aware they had been breached by an external organization such as law enforcement.
The typical advanced attack goes unnoticed for nearly eight months.
Attackers spend an estimated 243 days on a victim’s network before they are discovered – 173 days fewer than in 2011. Though organizations have reduced the average time between compromise and detection by 40%, many are still compromised for several years before detecting a breach.
Attackers are increasingly using outsourced service providers as a means to gain access to their victims.
As companies continue to outsource business processes such as finance, accounting, HR, and procurement, advanced attack groups are increasingly taking advantage of those relationships to gain access to the organizations.
Attackers are using comprehensive network reconnaissance to help them navigate victims’ networks faster and more effectively.
Attackers are frequently stealing data related to network infrastructure, processing methodologies, and system administration guides to gather the reconnaissance data they need to more quickly exploit network and system misconfigurations.
Advanced Persistent Threat (APT) attackers continue to target industries that are strategic to their growth and will return until their mission is complete.
Mandiant observed a relationship between the strategic priorities of the People’s Republic of China (PRC), the operations of PRC state-owned enterprises (SOEs), and data stolen through cyber intrusions from a wide variety of clients and industries. Of the top three industries repeatedly targeted, aerospace topped the list, followed by energy, oil and gas, and pharmaceuticals.
Once a Target, Always a Target
Organizations are being targeted by more than one attack group, sometimes in succession. In 2012, 38% of targets were attacked again once the original incident was remediated. Of the total cases Mandiant investigated in 2012, attackers lodged more than one thousand attempts to regain entry to former victims.
A full copy of the report can be accessed via Mandiant’s web site at www.mandiant.com/mtrends2013.
Mandiant is the leader in advanced threat detection and response solutions. Mandiant’s products and services protect the world’s most valuable data every day from targeted attacks. Headquartered in Alexandria, Virginia, with offices in New York, Los Angeles, San Francisco, and Dublin, Ireland, Mandiant’s customers include Fortune 500 companies, financial institutions, government agencies, domestic and foreign police departments, and the world’s leading law firms. The authors of 12 books and quoted frequently by leading media organizations, Mandiant security consultants and engineers hold top government security clearances and advanced degrees from some of the leading computer science programs. To learn more about Mandiant visit www.mandiant.com, read the company blog, M-Unition, follow on Twitter @Mandiant or Facebook at www.facebook.com/mandiantcorp.