With shorter dwell time, cyber defenders globally are seen improving detection capabilities
2024-07-08
Mandiant, the global cybersecurity firm, recently unveiled the findings of its annual M-Trends report, which is based on frontline investigations and remediations of high-impact cyber-attacks worldwide throughout 2023. Now in its 15th year, the 2024 report reveals that organizations globally have made meaningful improvements in their defensive capabilities and are identifying malicious activity in their environments more quickly than in previous years.
Shedding more light on the report, Yihao Lim, Google Threat Intelligence Lead Advisor for JAPAC, Google Cloud, shares further analysis of these trends and highlights the implications of Gen AI for the overall cybersecurity landscape:
One of the key takeaways from Mandiant's cyber-attack investigations and remediations conducted in 2023 is that the global median dwell time - the number of days an attacker is present in a victim environment, from initial compromise until the intrusion is detected - reached its lowest point in over a decade.
“In 2023, organizations detected intrusions within a median of 10 days, a notable decrease from 16 days in 2022,” explains Yihao Lim, Google Threat Intelligence Lead Advisor for JAPAC, Google Cloud. “Mandiant also tracked an improvement in internal detection of compromise in 2023 (46%), compared to 37% in 2022. These two trends - shorter dwell times and more internally detected events - suggest that defenders globally have improved detection capabilities.”
Interestingly, organizations in the Asia-Pacific region experienced the most dramatic decrease, reducing their median dwell time to 9 days, compared to 33 days in 2022. This variation could be driven by the fast-moving ransomware intrusions investigated in the region: a ransomware operator deliberately announces their presence with an extortion demand, so such intrusions are detected far sooner than a quiet espionage campaign.
The M-Trends 2024 report further highlights which industries cyber attackers targeted most. Mandiant found that the sectors most frequently hit by intrusions in 2023 were financial services organizations (17%), followed by business and professional services (13%), high technology (12%), retail and hospitality (9%), and healthcare (8%).
“A common thread across the top targeted industries is their possession of a wealth of sensitive information, including proprietary business data, personally identifiable information, protected health information, and financial records. This makes them particularly attractive targets for attackers seeking to exploit this type of sensitive data,” says Yihao Lim.
Another highlight of the report is that attackers are investing more in evasion so that they can remain on systems for longer, for example by exploiting zero-day vulnerabilities. Their aim is to avoid detection technologies such as endpoint detection and response (EDR) and persist for a longer duration on networks.
“We are seeing threat actors capitalising on stolen employee credentials to log in for malicious activities, while sometimes they use ‘living off the land’ techniques whereby they conduct lateral movement via native tools in the environment. Sometimes threat actors also compromise legitimate infrastructure to host malware C2,” explains Yihao.
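The two behaviours described above (a stolen credential used to log in, then lateral movement with native Windows tools) leave a recognisable trace in ordinary Windows Security event logs. The following is an added example written for this page, not code from the article, from Mandiant or from Google: a small correlation rule that flags a network logon (event 4624, logon type 3) followed within a short window by the same account launching a native remote-execution tool (event 4688) or installing a service on another host (event 7045). The event records, host names and account names are constructed sample data, and the list of tools and command-line markers is illustrative rather than exhaustive.

```python
import re
from datetime import datetime, timedelta

# Native Windows binaries commonly abused for lateral movement (illustrative list, an assumption of this example)
LOTL_TOOLS = {"wmic.exe", "psexec.exe", "winrs.exe", "sc.exe", "schtasks.exe", "powershell.exe"}
# Command-line fragments that indicate the tool is being pointed at a remote host
REMOTE_MARKERS = ("/node:", "\\\\", "-computername", "invoke-command")

# Constructed sample events in the shape of Windows Security log records (not real telemetry)
EVENTS = [
    {"ts": "2023-11-02T03:12:05", "id": 4624, "host": "FS01", "user": "j.doe", "logon_type": 3, "src_ip": "10.0.5.23"},
    {"ts": "2023-11-02T03:12:40", "id": 4688, "host": "FS01", "user": "j.doe",
     "process": "wmic.exe", "cmdline": "wmic /node:DB02 process call create cmd.exe /c whoami"},
    {"ts": "2023-11-02T03:13:10", "id": 7045, "host": "DB02", "user": "j.doe", "service": "PSEXESVC"},
    # Benign activity: an interactive logon and a local script, which should not alert
    {"ts": "2023-11-02T09:01:00", "id": 4624, "host": "WS14", "user": "a.lee", "logon_type": 2, "src_ip": "-"},
    {"ts": "2023-11-02T09:02:00", "id": 4688, "host": "WS14", "user": "a.lee",
     "process": "powershell.exe", "cmdline": "powershell -File build.ps1"},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def is_remote_exec(event):
    """True when a 4688 shows a native tool invoked with a remote-target marker."""
    if event.get("id") != 4688:
        return False
    proc = event.get("process", "").lower()
    cmd = event.get("cmdline", "").lower()
    return proc in LOTL_TOOLS and any(marker in cmd for marker in REMOTE_MARKERS)


def detect_lotl_lateral_movement(events, window_minutes=10):
    """Correlate network logons with follow-on remote execution by the same account.

    For every 4624 with logon type 3 (network), look ahead up to window_minutes for
    the same user either running a remote-capable native tool (4688) or having a
    service installed on a different host (7045). Each hit becomes one alert dict.
    """
    alerts = []
    ordered = sorted(events, key=_ts)
    for i, logon in enumerate(ordered):
        if logon["id"] != 4624 or logon.get("logon_type") != 3:
            continue
        deadline = _ts(logon) + timedelta(minutes=window_minutes)
        for follow in ordered[i + 1:]:
            if _ts(follow) > deadline:
                break  # events are time-ordered, nothing later can be in the window
            if follow.get("user") != logon["user"]:
                continue
            if is_remote_exec(follow):
                m = re.search(r"/node:([\w.-]+)", follow["cmdline"], re.IGNORECASE)
                alerts.append({
                    "technique": "remote_exec", "user": logon["user"],
                    "source": logon["host"], "target": m.group(1) if m else "unknown",
                    "evidence": follow["cmdline"],
                })
            elif follow["id"] == 7045 and follow["host"] != logon["host"]:
                alerts.append({
                    "technique": "remote_service_install", "user": logon["user"],
                    "source": logon["host"], "target": follow["host"],
                    "evidence": follow["service"],
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_lotl_lateral_movement(EVENTS):
        print(alert)
```

Run against the sample, the rule produces two alerts for j.doe (wmic pointed at DB02 from FS01, then the PSEXESVC service appearing on DB02) and none for a.lee, whose interactive logon and local script never satisfy the network-logon precondition. In production the same correlation is normally expressed as a SIEM query, but the precondition (network logon type), the window, and the "remote marker" test are the parts that keep it from firing on every administrator using PowerShell.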
Is Gen AI further aggravating the situation?
The use of Generative AI in cybersecurity can cut both ways. On the defensive side, for instance, a Gen AI model trained on large volumes of historical cybersecurity data could identify patterns and trends and help anticipate future threats.
Yihao, however, outlines three scenarios in which Gen AI changes the picture, seen from both a threat actor's and a cybersecurity business's perspective.
The first is information operations (IO): this technology could enable threat actors to launch campaigns at a greater scale, producing higher volumes of content such as AI-generated imagery, videos or social media posts to further sow discord among target audiences.
In the second scenario, from a traditional cybersecurity perspective, Gen AI could be used by threat actors to create malicious scripts for attacks, lowering the barrier to entry for non-technical threat actors to participate in cyber attacks.
From the businesses' perspective, which is the third scenario, cybersecurity experts can leverage Gen AI to help conduct forensic analysis. For example, the new Gemini 1.5 Pro can function as an assistant for analysts by automating malware-analysis workflows and scaling up code analysis.
Yihao also notes that over the past few years, Mandiant has observed threat actors of varying motivations utilizing emerging technologies like Gen AI and large language models (LLMs) for malicious purposes. “For example, taking the information operations (IO) perspective, the recent emergence of publicly accessible tools and their ease of use has led to their rapid adoption in support of IO by malicious actors.”