FireEye Spotted Over 500 New Malware Families in 2019

FireEye’s incident response division Mandiant observed more than 500 new malware families last year, the company revealed in its M-Trends 2020 report released this week.

FireEye analyzed 1.1 million malware samples per day in 2019 and it tracked a total of 1,268 malware families. Of these malware families, more than 500 were not seen before.

While a majority of the new malware impacted either Windows or multiple platforms, the company has still seen tens of new malware families targeting macOS or Linux.

Number of Linux and macOS malware families spotted by FireEye

As for the data breaches investigated by Mandiant, the company reported that in 53% of cases a breach was discovered following a notification by an external party and in 47% of cases the intrusion was discovered internally. Between 2016 and 2018, the percentage of breaches detected internally was higher than detections resulting from external notifications, but FireEye believes the shift observed in 2019 is not due to companies being less capable of detecting breaches on their own.

Instead, it has attributed this shift to an increase in notifications by law enforcement and cybersecurity vendors, changes in public disclosure norms, and continued expansion of the cybersecurity industry.

FireEye says the global median dwell time — this is the number of days an attacker is present on the victim’s network before they are detected — has continued to drop. In 2019, it was 56 days, down from 78 days in the previous year. However, it’s worth noting that in the case of internally detected intrusions, the global median dwell time was 141 days, down from 184 days in the previous year. For hacks detected by outside parties, the dwell time was only 30 days, down from 50 days in 2018.

In the Americas, the median dwell time dropped only by 11 days compared to 2018, but in the APAC and EMEA regions the improvement was far more significant. In APAC, the dwell time dropped from 204 days in 2018 to 54 days in 2019, and in the EMEA region it dropped from 177 to 54. In the case of EMEA, FireEye believes the EU’s General Data Protection Regulation (GDPR) played an important role, as companies increasingly focused on security, which may have led to the discovery of historic intrusions.

According to FireEye, nearly one-third of the attacks Mandiant responded to last year were motivated by direct financial gain, including extortion, payment card theft, ransoms, and illegal transfers. The second most common type of incident involved data theft in support of espionage or intellectual property.

“FireEye Mandiant has seen organizations largely improving their level of cyber security sophistication, but combatting the latest threats is still a huge challenge for them,” said Jurgen Kutscher, executive VP of service delivery at FireEye. “There are more active groups now than ever before and we’ve seen an aggressive expansion of their goals. Consequently, it’s crucial for organizations to continue building and testing their defenses.”

The FireEye Mandiant M-Trends 2020 report is available in PDF format.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
