Organisations in the business and professional services, retail and hospitality, financial, healthcare and high technology were the top targets of cybercriminals in 2020, said a new report on Tuesday.
According to the “FireEye Mandiant M-Trends 2021” report, organisations in the retail and hospitality industry were targeted more heavily in 2020 — coming in as the second most targeted industry compared to 11th in last year’s report.
Healthcare also rose significantly, becoming the third most targeted industry in 2020, compared to eighth in last year’s report.
This increased focus by threat actors can most likely be explained by the vital role the healthcare sector played during the global pandemic.
While last year’s report noted a drop in internal detections of intrusions compared to the previous year, Mandiant experts observed a return of organisations independently detecting most of their own incidents.
Internal incident detection rose to 59 per cent in 2020 — a 12-point increase compared to 2019.
This return to organisations detecting the majority of intrusions within their environments is in line with the overall trend observed over the last five years, said the report.
“Multifaceted extortion and ransomware are the most prevalent threats to organisations. In this year’s report, direct financial gain was the likely motive for at least 36 per cent of the intrusions we investigated,” said Charles Carmakal, Senior Vice President and Chief Technology Officer, Mandiant, a part of cybersecurity company FireEye.
“Data theft and reselling of unauthorised access to victim organisations remain high as multifaceted extortion and ransomware actors have trended away from purely opportunistic campaigns in favour of targeting organisations that are more likely to pay large extortion demands. Given this surge, organisations must take proactive action to mitigate the potential impact.”
Over the past decade, there has been a trending reduction in global median dwell time – defined as the duration between the start of a cyber intrusion and when it is identified, according to Mandiant.
This measure went from over one year in 2011 to just 24 days in 2020 – that is more than twice as quickly identified in comparison to last year’s report with a median dwell time of 56 days.
Mandiant attributes this reduction to continued development and improvement of organisational detection and response capabilities, along with the surge of multifaceted extortion and ransomware intrusions.
“This year’s M-Trends report identified the three most frequently used initial vectors of compromise as exploits (29 per cent), phishing emails (23 per cent) and stolen credentials or brute force (19 per cent),” said Jurgen Kutscher, Executive Vice President, Service Delivery, Mandiant.