FireEye: 650 new threat groups were tracked in 2020

FireEye published its M-Trends 2021 report, based on data collected during its investigations; 650 new threat groups were tracked in 2020.

FireEye published its annual report, titled M-Trends 2021, which is based on data collected during its investigations of the security incidents it managed. Most of the incidents investigated by Mandiant in 2020 (59%) were initially detected by the victims themselves, an improvement of 12% from 2019.


Since its launch, Mandiant has tracked more than 2,400 threat groups, 650 of which were tracked in 2020. Over the years, the experts combined or eliminated approximately 500 groups, leaving more than 1,900 distinct groups tracked at this time (+100 compared to 2019).

The threat actors tracked by Mandiant include nation-state actors, financially motivated groups, and uncategorized groups (known as UNCs).

“In 2020, Mandiant experts investigated intrusions that involved 246 distinct threat groups. Organizations faced intrusions by four named financial threat (FIN) groups; six named advanced persistent threat (APT) groups, including groups from the nation-states of China, Iran and Vietnam; and 236 uncategorized threat (UNC) groups. Of the 246 threat groups observed at intrusion clients, 161 of these threat groups were newly tracked threat groups in 2020.” reads the report published by FireEye.


In 2020, Mandiant researchers tracked more than 500 new malware families, and observed 294 distinct malware families in use in the compromised environments they investigated. Of the nearly 300 malware families observed by Mandiant experts during intrusions, 144 were malware families that Mandiant began tracking in 2020.

Mandiant provided a vertical analysis of the malware category distribution, which appears the same as in the previous year. In 2020, the top five categories of malware involved in incidents were backdoors (36%), downloaders (16%), droppers (8%), launchers (7%) and ransomware (5%).

According to the report, 81% of newly tracked malware families were non-public: most of the malicious code tracked by the researchers was likely privately developed or had restricted availability. In the latter scenario, the malware was shared among or sold to a restricted set of threat actors.

The top five malware families seen most frequently during intrusions investigated by the experts were BEACON, EMPIRE, MAZE, NETWALKER, and Metasploit. An interesting finding in the report is the lack of cross-pollination in the malware used across incidents.

“Just 3.4% of malware families seen during an incident were observed at 10 or more intrusions, and 70% percent of malware families seen were only observed during a single intrusion.” continues the report.


The majority of malware families observed by Mandiant during its investigations were effective on Windows (94%), followed by those effective on Linux (8%) and macOS (3%). 89% of the malware was effective only against Windows systems.

Additional information on TTPs used by threat actors is included in the report published by FireEye.


Pierluigi Paganini


The post FireEye: 650 new threat groups were tracked in 2020 appeared first on Security Affairs.

By admin