Although the IT software supply chain and the technologists tasked with using those tools to keep organizations safe from cyberattacks continue to innovate, hackers are also adapting their techniques to target and infiltrate organizations’ IT environments, according to cybersecurity firm Mandiant’s M-Trends report.
The company’s M-Trends 2022 report, based on investigational metrics between Oct. 1, 2020 and the end of 2021, shows that attackers are being detected in a target’s environment an average of three days faster, with the time to detection falling from 24 days in 2020 to 21 days in 2021.
While the median dwell time in the Americas remained steady at 17 days, the APAC region saw the largest decline, from 76 days to just 21 days, Mandiant found.
The report found that the majority of intrusions in the APAC and EMEA regions were identified by external third parties (72% and 62%, respectively), but nearly the opposite was true in the Americas, where 60% of intrusions were detected internally.
While network defenses and detection improve, the cybercriminal underground continues to grow and adapt, Mandiant’s report says, with over 1,100 new threat actors and over 700 new malware families being tracked by the organization in the past year.
According to Mandiant’s M-Trends report, 86% of newly tracked malware families were non-public, and 72% of observed malware families used during an intrusion last year were non-public. This suggests that hackers and threat groups are innovating and adapting to effectively target victim environments and remain a step ahead of network defenders.
The report also details how multiple threat actors are often found in victim environments. According to Mandiant, more than one distinct threat group was identified in a compromised IT environment in a quarter of the company’s investigations. That is a trend Mandiant expects to increase, possibly due to threat actors working together.
In addition, Mandiant says new malware families effective on Linux increased to 11% in 2021 compared to 8% in 2020. Meanwhile, observed malware families effective on Linux increased to 18% in 2021 from 13% in 2020.
Mandiant’s M-Trends report also details new threats from China, which include 36 unique Chinese threat groups, many of which are targeting U.S. organizations and agencies.
Sandra Joyce, executive vice president of Mandiant Intelligence, said in a statement that several trends from previous years continued into 2021, leading to the firm encountering more threat groups and malware families than ever before.
“Overall, this speaks to a threat landscape that continues to trend upward in volume and threat diversity,” Joyce said.