FireEye’s report revealed that the incident response division Mandiant observed more than 500 new malware families in 2019.

According to the FireEye Mandiant M-Trends 2020 report, FireEye analyzed 1.1 million malware samples per day in 2019 and identified 1,268 malware families. The most worrisome figure is related to the number of previously unseen malware families which is greater than 500 (41%).

“In 2019, we observed over 500 new malware families, 58% of which were discovered through Mandiant service efforts, including incident responses.” reads the FireEye report. “The majority of these new samples either impacted Windows or multiple platforms. While we do see new malware families solely impacting macOS and Linux, they remain in the minority.”

Mandiant experts named the China-linked APT41 threat actor as one of the most prolific cyber threat group.

The APT41 has been active since at least 2012, it was involved in both state-sponsored espionage campaigns and financially-motivated attacks since 2014. The group hit entities in several industries, including the gaming, healthcare, high-tech, higher education, telecommunications, and travel services industries.

Unlike other China-based actors, the group used custom malware in cyber espionage operations, experts observed 46 different malware families and tools in APT41 campaigns.

Mandiant also reported that 53% of data breaches it has investigated were discovered following a notification by an external party such as law enforcement agencies and cybersecurity vendors.

Some data included in the report are encouraging and demonstrate an increased awareness about cyber threats and the way to mitigate them.

The global median dwell time (the number of days an attacker remains undetected on the victim’s network) has continued to drop, from 78 days in 2018 to 56 days in 2019.

The global median dwell time was 141 days for internally detected intrusions, while in 2018 it was 184. For intrusions detected by external parties, the dwell time was only 30 days, while in 2018 it was 50 days.

“EMEA has seen a marked reduction in dwell times. In M-Trends 2019, we suggested that a steep rise in median dwell time was likely linked with organizations putting more emphasis on GDPR and increasing focus on security which may have revealed historic compromises.” continues the report. “EMEA statistics are now generally in line with the global averages, which reflect the improving security posture of organizations and highlight the ongoing challenges organizations face from sophisticated threat actors”

According to FireEye, one-third of the attacks observed in 2019 were financially motivated, while the second most common motivation was data theft aimed at espionage or intellectual property.

“While the threat landscape is evolving, new is not replacing old. Although we have observed new malware families, many of these attackers are the usual suspects we have seen over the years using familiar types of attack techniques with malware based on a handful of known malware families.” concludes the report. “And these threats and activities never stop. There are more active groups now than ever before, with significant APT and FIN activity. These groups are using a combination of custom intrusion tools and publicly available tools, typically in the same parts of the attacker lifecycle. While targeted industries and overall motivations have remained consistent, we are seeing a marked expansion of threat actor goals, including new ways to monetize intrusions and overall diversification in threat activity.”

Pierluigi Paganini