The FireEye Advanced Threat Report 2013: UK & Ireland Edition

Accompanying our Regional Advanced Threat Report (ATR) for Europe, we are also drilling even deeper with a Regional ATR focused on the United Kingdom and Ireland (UKI). During our assessment of these two countries, we have identified all types of threat actors compromising our customers’ networks: nation state, cyber criminals, activists, and amateurs alike.

This report summarizes 2013 data gleaned from the FireEye Dynamic Threat Intelligence (DTI) cloud of worldwide malware protection platforms. Over the past year, FireEye:

  • Recorded over 70 new workstations infected every day
  • Identified more than 42 APT families
  • Observed threats impacting all verticals, particularly Financial Services, Telecom, and Energy

As we saw with the European report, the rate of increase in workstation infections across Ireland and the UK skyrocketed in the last four months of 2013. This may indicate that threat actors increased the volume of activity against organizations in the United Kingdom and Ireland in the post-vacation lull because they anticipated employees would be less attentive around security matters and thus have a higher rate of success. Alarmingly, the number of unique infections more than tripled from January to December 2013.


Figure 1 – Unique Infections Trending over 2013

Next, let’s consider which industry verticals in UKI were most infected by attackers. Unsurprisingly, the Financial Services vertical is far and away the most targeted in UKI as “The City” is the largest financial platform for Europe and the world. Of course, threat actors have also been busy targeting the other high-value industries of UKI, particularly the Telecommunications and Energy/Utilities/Petroleum Refining verticals. As with the rest of Europe though, no industry vertical was spared in the UK or Ireland and this trend will likely continue as new attack vectors enter these industries.


Figure 2 – Unique Infections by Industry Vertical (Listed from Most-Infected to Least on Right)

Rising Attack Landscape Means Rising APT Families

The consistency between the UK’s and Ireland’s threat landscapes has also extended into the way the APT attacks are carried out. Most important to highlight is that Federal Government continues to be the number one target in UKI – as with Europe – only with that industry vertical accounting for a startling 49 percent of APT attacks versus 25 percent for all of Europe.


Figure 3 – APT Distribution per Vertical (Listed from Most-Targeted to Least on Right)

Financial Services remains a top-three target of APT attacks as well in UKI, but the Energy/Utilities/Petroleum Refining industry climbs from seventh place in Europe to second place in UKI. Given the major corporations in those spaces operating out of UKI, that these organizations are a prime target by APT actors is unsurprising.

How those APT attacks were carried out is shown in the chart below identifying the 21 APT malware families that we identified in attacks throughout 2013.


Figure 4 – APT Malware Families for UKI

 We previously noted in our European report that, when looking at the sheer number of APT attacks, the United Kingdom received the second most of any European country in 2013. Despite trailing Germany as the most-targeted European nation, the UK was tied for fourth globally with France and Thailand when it came to most verticals targeted by APT attacks. Specifically, all three nations saw 12 distinct verticals hit, with the next closest European nation being Germany with nine verticals.


Figure 5 – APT Attacks by Country

While the UK and Ireland face unique challenges based on the maturity of the Financial Services, Telecommunications and Energy-based industries that are based there, we have found that the overall market is very much in-line with the rest of Europe. Thus, as with our outlook for the whole of Europe, we see an opportunity for UKI cyber defenders to get ahead of the rapidly expanding advanced threat actors.

To find out more about the report or how to address these rising issues, come visit the FireEye team at InfoSec UK at Stand J60.