The American cybersecurity company FireEye published its annual report, entitled M-Trends 2021, which is based on data collected during the security incidents investigated by the company's Mandiant unit. Most of the incidents investigated by Mandiant in 2020 (59%) were initially identified by the victims themselves, an improvement of 12 points compared to 2019. Since its inception, Mandiant has identified more than 2,400 hacking groups, 650 of which were first identified in 2020. Over the years, experts have merged or retired approximately 500 groups, and more than 1,900 distinct hacking groups are currently tracked (an increase of 100 compared to 2019).
Threats tracked by Mandiant are classified as state-sponsored hacking groups (APTs), financially motivated groups (FINs) and uncategorized groups (UNCs), the last being clusters of activity that have not yet been attributed to a named actor.
The report published by FireEye states the following: "In 2020, Mandiant experts investigated cyberattacks involving 246 different hacking groups. The agencies were attacked by four FIN teams, six APT teams - including teams linked to China, Iran and Vietnam - and 236 UNC teams. Of the 246 hacking groups observed, 161 were new groups in 2020."
In 2020, Mandiant researchers discovered more than 500 new malware families, and experts observed 294 distinct malware families in use during the attacks investigated by the company. Of the nearly 300 malware families observed in these intrusions, 144 were families that Mandiant began tracking only in 2020.
According to Mandiant, the top five categories of malware detected in security incidents were: backdoors (36%), downloaders (16%), droppers (8%), launchers (7%) and ransomware (5%).
According to the report, 81% of the malware families detected were non-public, meaning most of the malicious code tracked by the researchers was likely developed privately or was available only on a limited basis. In the latter case, the malware was shared with or sold to a limited set of threat actors rather than offered openly.
The top five malware families most frequently observed in the cyber attacks investigated by the experts were BEACON (the Cobalt Strike payload), EMPIRE, MAZE, NETWALKER and Metasploit. Three of the five are commercial or open-source post-exploitation frameworks rather than custom tooling, and the other two are ransomware families.
The report also notes the following: "Only 3.4% of malware families detected during a security incident were observed in 10 or more intrusions, while 70% of malware families detected were observed in only one intrusion."
It is worth noting that the majority of malware families observed by Mandiant during its investigations targeted Windows (94%), followed by Linux (8%) and macOS (3%). The figures add up to more than 100% because some families run on more than one platform; 89% of the families were effective only against Windows systems.
Source of information: securityaffairs.co