FireEye’s incident response division Mandiant observed more than 500 new malware families last year, the company revealed in its M-Trends 2020 report released this week.
FireEye analyzed 1.1 million malware samples per day in 2019 and it tracked a total of 1,268 malware families. Of these malware families, more than 500 were not seen before.
While the majority of the new malware families targeted either Windows or multiple platforms, the company still observed dozens of new families targeting macOS or Linux.
As for the data breaches investigated by Mandiant, the company reported that in 53% of cases the breach was discovered following a notification by an external party, and in 47% of cases the intrusion was discovered internally. Between 2016 and 2018, the percentage of breaches detected internally was higher than the percentage resulting from external notifications, but FireEye believes the shift observed in 2019 is not due to companies becoming less capable of detecting breaches on their own.
Instead, it has attributed this shift to an increase in notifications by law enforcement and cybersecurity vendors, changes in public disclosure norms, and continued expansion of the cybersecurity industry.
FireEye says the global median dwell time — this is the number of days an attacker is present on the victim’s network before they are detected — has continued to drop. In 2019, it was 56 days, down from 78 days in the previous year. However, it’s worth noting that in the case of internally detected intrusions, the global median dwell time was 141 days, down from 184 days in the previous year. For hacks detected by outside parties, the dwell time was only 30 days, down from 50 days in 2018.
In the Americas, the median dwell time dropped only by 11 days compared to 2018, but in the APAC and EMEA regions the improvement was far more significant. In APAC, the dwell time dropped from 204 days in 2018 to 54 days in 2019, and in the EMEA region it dropped from 177 to 54. In the case of EMEA, FireEye believes the EU’s General Data Protection Regulation (GDPR) played an important role, as companies increasingly focused on security, which may have led to the discovery of historic intrusions.
According to FireEye, nearly one-third of the attacks Mandiant responded to last year were motivated by direct financial gain, including extortion, payment card theft, ransom demands, and illegal transfers. The second most common type of incident involved data theft in support of espionage or intellectual property theft.
“FireEye Mandiant has seen organizations largely improving their level of cyber security sophistication, but combatting the latest threats is still a huge challenge for them,” said Jurgen Kutscher, executive VP of service delivery at FireEye. “There are more active groups now than ever before and we’ve seen an aggressive expansion of their goals. Consequently, it’s crucial for organizations to continue building and testing their defenses.”
The FireEye Mandiant M-Trends 2020 report is available in PDF format.