Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Mandiant Shares Insights Gained Through Hundreds of Attack Investigations

Information security services firm Mandiant, recently released its “M-Trends” report, offering insights and analysis based on hundreds of investigations conducted over the last year. The report highlights just how motivated attackers have become, and offers some suggestions for organizations looking to stay ahead of the game.

Information security services firm Mandiant, recently released its “M-Trends” report, offering insights and analysis based on hundreds of investigations conducted over the last year. The report highlights just how motivated attackers have become, and offers some suggestions for organizations looking to stay ahead of the game.

“In nearly a decade of responding to targeted attacks, one thing is constant — attackers will change their tactics as needed to successfully compromise their targets,” said Vice President of Customer Success, Grady Summers, one of the report’s principal authors.

Mandiant“The breadth of companies being targeted is growing and the rate of intellectual property theft is increasing faster than ever. Companies who have made responsible and sustained investments in information technology continue to be compromised.”

According to the report, a typical advanced attack can go unnoticed for more than a year. Once inside the victim’s network, attackers typically have plenty of time to reach their ultimate objective, whether that’s stealing intellectual property or financial assets. Often, it’s during the merger and acquisition cycle that compromises are detected, but by then it’s too late.

One of the most popular targets is the supply chain, the report explains, as attackers focus their efforts here in order to amass a larger IP portfolio. Overtime, attackers have learned that in order to gain full visibility into complex projects, data is required from all of the companies that partnered to design or build the targeted project.

According to a report released by the U.S.-China Economic and Security Review Commission last week, the close relationship between China’s military and Chinese telecom firms has created an avenue for state sponsored or directed penetrations of U.S. supply chains for electronics supporting military, government, and civilian industry. Such capabilities give “the potential to cause the catastrophic failure of systems and networks supporting critical infrastructure for national security or public safety,” the report notes.

Keeping pace with the frightening data, anti-Malware and other endpoint protections work well against known threats such as botnets, worms, and drive-by-attacks, but they rarely stop a targeted attack.

While Mandiant’s report outlines the threats observed by the company over the last year when it was called to investigate a case, they do offer several points when it comes to remediation.

For example, enabling logging of DHCP, DNS, VPN and Windows security events, on top of increasing password complexity; reducing cached credential storage; disabling LANMAN hashes; implementing aggressive patch management policies; and either developing or increasing end-user awareness initiatives are the number one consideration prior to beginning remediation of an incident.

“It is clear that the adversary is evolving — we have known that for years. However, in a decade of responding to advanced targeted threats, 2011 was an inflection point,” the report concludes.

“Despite all of this, a few things have not changed: visibility is paramount, smart people are more important than any technology, and the way you respond — when the inevitable happens — is what will determine whether you become a headline or not.”

Written By

Click to comment

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.

Funding/M&A

Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...