Introduction
The lines separating the real world and the cyber realm have never been hazier. We’re seeing Russia engage in information operations in an attempt to influence the narrative surrounding their invasion of Ukraine, and attempt to disrupt critical infrastructure through both physical and cyber attacks. We’re seeing the invasion have an influence on the broader cybercrime ecosystem, notably in Europe, where actors are choosing sides or shutting down operations altogether. And we’re seeing actors engage in cybercrime to fund espionage to support the North Korean regime, targeting information on topics ranging from nuclear to COVID-19.
Every day Mandiant responders are investigating and analyzing the latest attacks and threats, and understanding how best to respond to and mitigate them. We pass these learnings on to our customers through our various services, helping them to stay ahead of a constantly evolving threat landscape.
In releasing our annual M-Trends report, we aim to provide some of that same critical intelligence to the greater security community. M-Trends 2023 continues our tradition of offering details on the evolving cyber landscape, mitigation recommendations, and a wide variety of security incident-related metrics.
Let’s start with answering one of the biggest questions from our “By the Numbers” section. The answer is yes, attacks are being detected faster than ever before. From January 1, 2022, to December 31, 2022, the global median dwell time is now 16 days, down from 21 days in our M-Trends 2022 report. This may demonstrate an improved ability to detect attacks, but we also credit ransomware attacks as a driving factor in reducing dwell time. Intrusions involving ransomware had a median dwell time of 9 days in 2022, compared to 5 days reported in M-Trends 2022.
The topics of M-Trends 2023 include:
By the Numbers: Organizations were notified of breaches by external entities in 63% of incidents compared to 47% in M-Trends 2022, which brings the global detection rates closer to what defenders experienced in 2014. We have many more signature metrics on targeted industries, attack types, threat groups, and malware use, along with new breakdowns based on trends and observations.
The Invasion of Ukraine: Russia’s invasion of Ukraine has consumed almost every aspect of Russia’s international relationships, and has become nearly the sole driver of cyber threat activity from Russia in 2022. We cover operations dating back to before the physical invasion in February, including use of destructive and disruptive attacks, and information operations.
North Korean Financial Operations: For years, North Korea has reportedly conducted various illicit financial activities to fund the regime. The explosive growth of cryptocurrency is converging with aggressive and flexible North Korean cyber capabilities, making it natural that at least some North Korean threat groups would expand operations into this sector.
Shifting Focus and Uncommon Techniques: In 2022, Mandiant investigated a series of high-profile intrusions that were successful and impactful to the targeted organizations despite significant deviations from common threat actor behaviors, underscoring the threat posed to organizations by persistent adversaries willing to eschew the unspoken rules of engagement.
M-Trends 2023 additionally contains a red team case study, tales of threat actors and vulnerabilities from our Campaign and Global Events team, and details from our APT42 graduation.
M-Trends builds on our dedication to continue providing critical knowledge to those tasked with defending organizations. The information in this report has been sanitized to protect the identities of victims and their data.