Mandiant releases threat data forecast report for 2023
Mandiant's experts have collaborated to examine 2022's threat data and trends to compile a forecast report shedding light on what to expect in the coming year.
The report finds that cybercriminals will continue to rely on extortion, but the actual deployment of ransomware might decline.
Additionally, providers of Ransomware-as-a-Service (RaaS) will modernise their software in an effort to shift their focus to exfiltrating data and "leaking sites" to publicly shame victims.
The report finds that Europe is expected to become the most targeted region for ransomware attacks.
Further, Mandiant says we can expect to see more non-organised attackers and non-nation state attackers carrying out intrusions.
The report also indicates a continued escalation in cyber espionage and information operations activity that supports China's national security and economic interests.
Moreover, Russia is willing to use disruptive tactics as well as false or co-opted hacktivist fronts to claim responsibility for data leaks and data destruction. Mandiant notes that organisations should watch out for this extending outside Ukraine and Russia's other immediate neighbours.
Mandiant is also highly confident that North Korea will continue to pursue operations supporting its regime with revenue streams and strategic intelligence.
The release of this report comes after Mandiant Breach Analytics became available for Google Cloud's Chronicle Security Operations suite to assist enterprises in ensuring their security is robust and minimises business risks.
Mandiant Breach Analytics brings together the company's threat intelligence and the power of Google Cloud Chronicle Security Operations suite and comes as part of its mWISE Conference 2022.
Mandiant notes that threat actors are becoming increasingly sophisticated and aggressive in their attacks, targeting enterprises of all sizes throughout every industry.
In addition, the company acknowledges global median dwell, which it defines as the duration between the beginning of a cyber intrusion and when it is identified.
It says that currently, global median dwell sits at an average of 21 days and that being able to find and respond to a breach quickly is crucial to ensuring business operations are maintained.
Mandiant Breach Analytics is intended to give organisations the means to reduce attacker dwell time by continuously monitoring events in Chronicle for current, relevant indicators of compromise (IOCs) and applying contextual information and machine learning to prioritise the matches.
Further, active insights into threats provide businesses with the ability to quickly take action to mitigate the impact of targeted attacks while bringing down the cost of current approaches.
Enterprise benefits of Mandiant Breach Analytics include a more robust cyber defence posture, insight into breach activity in IT environments, as well as the ability to analyse cloud-scale security data, build resilience against the biggest threats, and minimise the cost of current approaches.
The offering is available to Chronicle Security Operations users, with Mandiant planning additional SIEM integrations.