FireEye’s latest Advanced Threat Report shows the government, energy and finance sectors subjected to the most attacks
FireEye, Inc., the leader in stopping today’s advanced cyberattacks, recently revealed key insights on the state of cyber attacks across the EMEA (Europe, Middle East and Africa) region, particularly in the countries of the GCC (Gulf Cooperation Council).
In recent years, the GCC states have witnessed a spate of attacks, targeting key industries and critical infrastructure. The Regional Advanced Threat Report for EMEA provides an overview of APTs (Advanced Persistent Threats) targeting computer networks that were discovered during the second half of 2015. Financial, geopolitical and economic changes made 2015 a very busy year for the region, particularly in the cyber realm. When comparing the second half of 2015 to the first half, FireEye has identified a considerable degree of evolution in the EMEA cyberthreat landscape while monitoring changing cyber trends.
Key findings by FireEye include:
- Emerging nation-state sponsored threat actors from the Middle East were identified, making an impact in terms of the volume of potential attacks.
- The number of alerts in the GCC doubled during 2015, with a noticeable rise during the second half of the year.
- Macro-driven malware detections in the GCC also rose during the second half of 2015. Cybercriminals continue to utilise macro-embedded Microsoft Office documents to deliver malicious payloads.
- Advanced threats are increasingly targeting governments, the energy sector and the financial services industry in the GCC. These three verticals alone accounted for 65% of identified attacks.
- Cyber attacks continue to reflect on-going real-world events. Turkey in particular witnessed a substantial rise in attacks (27% of all attacks in the EMEA region) in the second half of 2015, coinciding with a change in the political climate in the country.
- Ransomware continues to pose a threat to organisations, with the malware development lifecycle being so short that a strong defence is still a major challenge for many organisations.
The evidence highlighted in the report demonstrates that geopolitical, financial and economic changes happening in the real world are mirrored in cyberspace as well. The changes to the threat landscape between the first half and the second half of 2015 are considerable, demonstrating once more the speed at which threat actors operate.
“Over the years, we have seen that real-world developments are being played out in cyberspace, and 2015 was no exception. As cyberattacks continue to rise at an alarming rate, traditional security solutions will prove to be inadequate in the long run,” says Richard Turner, President for the EMEA region at FireEye. “Geopolitical developments and the GCC’s position as a hub for finance, energy, real estate, retail, tourism and aviation have put it in the crosshairs of a wide range of cyber attackers. The high level of connectivity in the region also makes it ripe for opportunistic and advanced threat actors. FireEye’s Advanced Threat Report summarizes intelligence on cyberthreats, aiding companies by providing invaluable insights and helping them allocate resources towards a robust defense infrastructure.”
Motivated by numerous objectives, threat actors’ capabilities and level of sophistication are rapidly evolving to steal more information, including personal data and business strategies, in order to gain a competitive advantage or degrade operational reliability. Looking forward, FireEye predicts that malicious actors targeting entities in the GCC region are going to become even more disruptive as attackers modify or destroy targeted data.
In light of these developments, it is highly recommended that organizations take the following steps to defend themselves from the latest generation of emerging cyberthreats:
- Assume your organization is a target and that your existing security controls can be bypassed. No entity is off-limits to a cyber attacker.
- Establish a cyber risk framework, with board-level sponsorship, that enables the business.
- Acquire threat intelligence in order to augment and enrich detections from your sensors.
- Establish an incident response/management service that will enable you to detect and react to an APT event quickly, mitigating the impact of a breach as much as possible.
- Bring in the right technology that can identify these new threats.
- Establish a clear response plan with board-level sponsorship and involvement to be prepared if a breach does occur.
About FireEye, Inc.
FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyberattacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyberattacks in real time. FireEye has over 4,700 customers across 67 countries, including more than 730 of the Forbes Global 2000.