Today we release M-Trends 2020, the 11th edition of our popular annual FireEye Mandiant report. This latest M-Trends contains all of the statistics, trends, case studies and hardening recommendations that readers have come to expect through the years—and more.
One of the most exciting takeaways from this year’s report: the global median dwell time is now 56 days. That means the average attacker is going undetected on a network for under two months—an M-Trends first. This is a very promising statistic that demonstrates how far we’ve come since 2011 when the global median dwell time was 416 days. And yet, we know a sophisticated attacker needs only a few days to gain access to the crown jewels, so there is still plenty of room for improvement.
Another interesting statistic in the report is what we refer to as "detection by source." For the first time since 2015, the majority of organizations are being notified of compromises by external sources (53 percent) over internal teams (47 percent). This is more likely due to factors such as increases in law enforcement notifications and compliance changes, and less likely due to internal teams having lost a step.
There’s a whole lot more to look forward to in M-Trends 2020, including:
- By the Numbers: Global median dwell time and detection by source are just the tip of the iceberg—we share a number of other statistics related to targeted industries, malware, threat techniques and more.
- Newly Named APT Groups: Learn all about APT41, group responsible for carrying out Chinese state-sponsored espionage and financially motivated activity since as far back as 2012.
- Trends: We take a deep dive into the latest trends involving malware families, monetizing ransomware, crimeware as a service, and malicious insiders.
- Case Studies: With so many organizations moving to the cloud, we take a look at a breach involving cloud assets. We also take readers through a campaign where attackers were targeting gift cards.
While M-Trends 2020 contains plenty of new information, the goal of M-Trends has remained the same since the beginning: to arm security professionals with details on the latest attacks and threats we are seeing during our engagements.