Regional Advanced Threat Report for Europe, Middle East and Africa 1H2015

Motivated by a plethora of objectives, threat actors are increasing their level of sophistication to steal personal data and business strategies, gain a competitive advantage, or degrade operational reliability. This blog focuses on what we have observed during the first half of this year in Europe, Middle East and Africa.

The threat landscape has changed considerably since our previous report, published in 2014. New findings emphasize that threat actors are agile and focused, and will target organizations and geographies where they see clear benefits.

Here are our key observations:

First, the amount of malware observed has doubled in the first half of 2015. This clearly indicates that the advanced persistent threat (APT) problem is growing and threat actors are continuing to leverage their tools, techniques, and procedures.

 

More than 50 percent of unique APT infections seen in EMEA for the first half of 2015 impact five countries:

  1. Israel
  2. Saudi Arabia
  3. Spain
  4. Germany
  5. United Kingdom

 


In those countries, advanced threat actors have been specifically targeting the following sectors: energy, aerospace, government, and financial services. The geo-political situation within the evolving energy market has been a key motivation to gain access to information. Financial services has consistently been a targeted sector.

Additionally, we have seen more sophisticated and organized cybercriminal campaigns continually innovating their evasion techniques for financial purposes. We specifically followed the evolution of the Ransomware and Dridex malware families during the first half of 2015. Cybercriminals adapted their techniques, tactics, and procedures as the malware was detected. As Ransomware is easier to detect, cybercriminals leveraged Dridex as a new delivery mechanism for financial gain.

Focus on the UK

Education, energy and financial services represent more than 50 percent of observed attacks.

Focus on Germany

The number of threats observed in Germany tripled between January and June 2015, and the manufacturing sector was most impacted. Threat actors here are clearly focused on gaining access to intellectual property.

Focus on France

The number of threats observed in France quadrupled between January and June 2015, with the aerospace and government sectors most impacted.

Focus on Gulf and Saudi Arabia

We observed that almost 50 percent of advanced threats in Saudi Arabia targeted the energy sector. We believe this is due to oil prices remaining low after falling in the past two quarters, and production by the world’s top producers continuing at the same rate.

We again see evidence that advanced cyber threats are increasing in EMEA. The cyber threat landscape closely follows the geo-economic and political situations. The high number of APT events suggests a high level of information theft.

We recommend the following:

  • Implement a security program that incorporates threat intelligence
  • Embrace technology that helps you accelerate detection and identify the most effective plan; timing is paramount in minimizing the impact to the business
  • Establish an incident response service to quickly detect and react to advanced threats, and contain them as quickly as possible

To view all the findings from our EMEA ATR for the first half of 2015, please click here.