FireEye Research Reveals Increasingly Global Nature of Advanced Cyber Attacks
Next-Generation Threat Protection Company Publishes “Advanced Cyber Attack Landscape” Report; Finds 184 Countries Hosting Crimeware Servers; High Technology Companies Most Frequently Targeted; 89 percent of APT Attacks Leverage Chinese Attack Tools
FireEye®, Inc., the leader in stopping today’s new breed of cyber attacks, today announced the release of “The Advanced Cyber Attack Landscape” report and interactive maps that provide detailed insight into the global nature of malware communication activity related to sophisticated cyber attacks. The research highlights:
- 184 nations house communication hubs, or command and control (CnC) servers, with Asia and Eastern Europe accounting for the majority of activity.
- Technology organizations are among the most frequently attacked.
- The majority of Advanced Persistent Threat (APT) attacks—89 percent—are associated with tools developed and disseminated by Chinese hacker groups.
“The threat landscape has evolved, as cyber threats have outpaced traditional signature-based security defenses, such as anti-virus, and permeated around the world, enabling cybercriminals to easily evade detection and establish connections inside the perimeter of major organizations,” said FireEye CEO David DeWalt. “The FireEye research puts in proper perspective the global pandemic of this new breed of advanced cyber attacks.”
CnC servers are used heavily during the life cycle of an attack to maintain communication with an infected machine by way of callbacks, enabling the attacker to download and modify malware to evade detection, extract data, or expand an attack within a target organization.
“The Advanced Cyber Attack Landscape” draws on more than 12 million callback events from 184 countries that the FireEye platform blocked and logged across thousands of end-user appliances during 2012. The FireEye platform is deployed behind firewalls, next-generation firewalls, intrusion prevention systems (IPS), anti-virus (AV), and other security gateways, representing the last line of defense against advanced attacks that bypass traditional signature-based security infrastructure.
Key findings from “The Advanced Cyber Attack Landscape” include:
- Cyber attacks have become a global activity – Over the past year, callbacks were sent to 184 countries. FireEye found that CnC servers are hosted in 184 countries, a 41 percent increase over the 130 countries in the FireEye findings from 2010.
- Asia and Eastern Europe are attack hotspots – Looking at the average number of callbacks per company by country, the Asian nations of China, South Korea, India, Japan, and Hong Kong accounted for 24 percent of global callbacks. Not far behind, the Eastern European countries of Russia, Poland, Romania, Ukraine, Kazakhstan, and Latvia comprised 22 percent.
- Technology companies are highly targeted – Technology companies experienced the highest rate of callback activity associated with the next generation of cyber attacks. Technology companies are targeted for the theft of intellectual property, sabotage, or modification of source code to support further criminal initiatives.
- The majority of APT callback activities are associated with APT tools that are made in China or that originated from Chinese hacker groups – By mapping the DNA of known APT malware families against callbacks, FireEye discovered that the majority of APT callback activities, 89 percent, are associated with APT tools that are made in China or that originated from Chinese hacker groups. The main tool is Gh0st RAT.
To review the interactive CnC callback maps please visit http://www.fireeye.com/cyber-attack-landscape/
To read the full report, “The Advanced Cyber Attack Landscape,” please visit http://www2.fireeye.com/WEB2013ATLReport.html
About FireEye, Inc.
FireEye® has pioneered the next generation of threat protection to help organizations protect themselves from being compromised. Cyber attacks have become much more sophisticated and are now easily bypassing traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways, compromising the majority of enterprise networks. The FireEye platform supplements these legacy defenses with a new model of security to protect against the new breed of cyber attacks. The unique FireEye platform provides the industry’s only cross-enterprise threat protection fabric to dynamically identify and block cyber attacks in real time. The core of the FireEye platform is a signature-less, virtualized detection engine and a cloud-based threat intelligence network, which help organizations protect their assets across all major threat vectors, including Web, email, mobile, and file-based cyber attacks. The FireEye platform is deployed in over 40 countries and by more than 1,000 customers and partners, including over 25 percent of the Fortune 100.
FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.