
Cyber Blog

CISOs Key Insights from the Latest Cybersecurity Report - Mandiant M-Trends 2024

Colin Mc Hugo

Updated: Sep 23, 2024

Overview

The Mandiant M-Trends 2024 report provides critical insights into the evolving landscape of cybersecurity threats. With a focus on attacker tactics, detection capabilities, and emerging trends, this report serves as a vital resource for organizations looking to bolster their defenses. As cyber threats continue to grow in sophistication and frequency, understanding these insights is essential for developing effective security strategies.


1. Detection Trends

  • Dwell Time: The global median dwell time has decreased to 10 days, down from 16 days in 2022. This is a significant improvement and indicates that organizations are getting better at identifying compromises more quickly. Dwell time measures how long an attacker can remain undetected in a system, and reducing this time is crucial to minimizing damage.

  • Detection Sources: In 2023, 54% of compromises were detected externally, highlighting the importance of external vigilance. Organizations that rely solely on internal detection methods risk being blindsided by external attacks. This shift underscores the need for robust partnerships with cybersecurity firms, law enforcement, and other external entities to enhance detection capabilities.


2. Ransomware Insights

  • Prevalence of Ransomware: Ransomware incidents accounted for 23% of investigations, demonstrating a resurgence in ransomware attacks. The report shows that attackers are not only encrypting data for ransom but are also stealing sensitive information to extort victims. This two-pronged approach increases their leverage over organizations.

  • Detection Times: Organizations detected ransomware incidents more quickly, with median detection times dropping to six days for ransomware-related intrusions. This rapid detection can significantly limit the extent of damage, as ransomware often spreads quickly once it infiltrates a network. Many organizations are investing in advanced detection technologies and improving incident response plans to achieve these results.


3. Global Trends

  • Evasion Techniques: Attackers are increasingly using evasion techniques to maintain persistence in networks. By leveraging methods such as “living off the land,” where they utilize legitimate tools already present in the environment, attackers can evade detection. This strategy makes it essential for organizations to monitor not just for malware but for unusual behavior from legitimate applications.

  • Edge Device Targeting: The report highlights a trend of targeting edge devices, where detection is often lacking. Attackers are exploiting vulnerabilities in devices such as firewalls and VPNs that may not be adequately monitored by traditional security solutions. As these devices often control access to critical resources, their exploitation can lead to severe consequences for organizations.


4. Regional Insights

  • Americas: In the Americas, 51% of compromises were identified externally, which aligns with the global trend. The median dwell time remains at 10 days, indicating that while detection capabilities are improving, there is still room for growth.

  • JAPAC: Organizations in the JAPAC region detected intrusions in just nine days, showcasing enhanced detection capabilities. This improvement may be attributed to increased investment in cybersecurity resources and a focus on employee training.

  • EMEA: Ransomware-related incidents in EMEA increased significantly, with a median dwell time of 22 days. The rise in such incidents suggests that attackers are becoming more aggressive in this region, necessitating a more proactive stance from organizations.


5. MITRE ATT&CK Framework

  • Technique Utilization: An impressive 74% of MITRE ATT&CK techniques were utilized in observed attacks, emphasizing the need for organizations to familiarize themselves with these tactics. Understanding these techniques can help organizations build more effective defenses and incident response strategies.

  • Top Techniques: The top techniques involved command and scripting interpreters, which attackers frequently leverage for execution. This highlights the importance of monitoring for potentially malicious use of PowerShell and other scripting tools, which can often appear benign.
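
The monitoring called for under Evasion Techniques and Top Techniques can be sketched as a small triage rule over process-creation events. This is an added example, not code from the M-Trends report or this blog; the event field names, the parent-process list and the sample events are assumptions constructed for illustration.

```python
import base64

# Interpreters in scope for ATT&CK T1059 (Command and Scripting Interpreter).
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# Assumed list of parents that rarely need to start an interpreter; tune locally.
UNUSUAL_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def encoded_payload(cmdline):
    """Return the decoded -EncodedCommand argument, or None if absent."""
    tokens = cmdline.split()
    for flag, value in zip(tokens, tokens[1:]):
        name = flag[1:].lower()
        # PowerShell accepts prefixes of -EncodedCommand (-e, -enc) and -ec.
        if flag[0] in "-/" and name and ("encodedcommand".startswith(name) or name == "ec"):
            try:
                return base64.b64decode(value, validate=True).decode("utf-16-le")
            except ValueError:
                return "<undecodable>"
    return None

def triage(event):
    """Return the reasons a process-creation event deserves analyst review."""
    image, parent = basename(event["image"]), basename(event["parent"])
    if image not in INTERPRETERS:
        return []
    reasons = []
    if parent in UNUSUAL_PARENTS:
        reasons.append(f"interpreter started by {parent}")
    if image in {"powershell.exe", "pwsh.exe"}:
        decoded = encoded_payload(event["cmdline"])
        if decoded is not None:
            reasons.append(f"encoded command: {decoded}")
    return reasons

# Constructed sample events (not real telemetry); the payload is a harmless echo.
_B64 = base64.b64encode("Write-Output 'constructed'".encode("utf-16-le")).decode()
EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c dir"},
    {"parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell.exe -NoProfile -enc {_B64}"},
]

if __name__ == "__main__":
    print([triage(ev) for ev in EVENTS])
```

The rule keys on behaviour (who started the interpreter, and whether its command line hides its content) rather than on a file hash, which is what makes it useful against legitimate tools already present on the host.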


6. Recommendations for Organizations

  • Enhancing Detection Capabilities: Organizations should enhance their detection capabilities by implementing advanced monitoring tools. Solutions such as Endpoint Detection and Response (EDR) systems, Security Information and Event Management (SIEM) platforms, and threat intelligence services can provide critical insights and alerts regarding potential compromises.

  • Training and Awareness: Ensuring that employees are trained to recognize signs of phishing and other social engineering attempts is essential. A well-informed workforce can serve as a frontline defense against cyber attacks, as many incidents begin with human error.

  • Collaboration with External Partners: Emphasizing collaboration with external partners can improve response times and detection rates for breaches. Engaging with cybersecurity firms for regular assessments and incident response planning can help organizations stay ahead of evolving threats.


Conclusion


Mandiant M-Trends 2024 emphasizes a significant shift in the cybersecurity landscape, with attackers becoming more sophisticated and defenders improving their detection capabilities. Continuous adaptation and education are essential for organizations to stay ahead of evolving threats. The report serves as a vital reminder that cybersecurity is a shared responsibility, requiring vigilance, collaboration, and an ongoing commitment to improvement.



© 2024 infinitesolutions.ie
