In those countries, advanced threat actors have been specifically
targeting the following sectors: energy, aerospace, government,
and financial services. The geo-political situation
within the evolving energy market has been a key motivation to gain
access to information. Financial services has constantly been a
Additionally, we have seen more sophisticated and organized
cybercriminal campaigns continually innovating their evasion
techniques for financial purposes. We specifically followed the
evolution of the Ransomware and Dridex malware families during the
first half of 2015. Cybercriminals adapted their techniques, tactics,
and procedures as the malware was detected. As Ransomware is easier to
detect, cybercriminals leveraged Dridex as a new delivery mechanism
for financial gain.
Focus on the UK
Education, energy and financial services represent more than 50
percent of observed attacks.
Focus on Germany
The number of threats observed in Germany tripled between January
and June 2015, and the manufacturing sector was most impacted. Threat
actors here are clearly focused on gaining access to intellectual property.
Focus on France
The number of threats observed in France quadrupled between January
and June 2015, with the aerospace and government sectors most impacted.
Focus on Gulf and Saudi Arabia
We observed that almost 50 percent of advanced threats in Saudi
Arabia targeted the energy sector. We believe this is due to oil
prices remaining low after falling in the past two quarters, and
production by the world’s top producers continuing at the same rate.
We again see evidence that advanced cyber threats are increasing in
EMEA. The cyber threat landscape closely follows the geo-economic and
political situations. The high number of APT events suggests a high
level of information theft.
We recommend the following:
- Implement a security program that incorporates threat
- Embrace technology that helps you accelerate the
detection and identify the most effective plan; timing is paramount
in minimizing the impact to the business
- Establish an
incident response service to quickly detect and react to advanced
threats, and contain them as quickly as possible
To view all the findings from our EMEA
ATR for first half of 2015 please click here.