Mandiant M-Trends Cybersecurity Insights Report 2023

Annual cybersecurity reports from leading vendors like Mandiant typically feature comprehensive analyses of attack trends, detection metrics, and threat actor activities. In 2022, organizations detected intrusions faster, with median dwell times decreasing globally, while threat groups employed diverse techniques, including exploit abuse and social engineering, to target industries such as government, healthcare, and finance.

Key points

  • These reports are structured into main sections covering investigative data, threat actor activity, attack techniques, industry targeting, and global cyber events, providing a holistic view of cybersecurity threats.
  • Key statistics reveal that the global median dwell time for intrusions decreased to 16 days in 2022, driven by improved detection methods and the prevalence of ransomware attacks, which had a median dwell time of 9 days.
  • There was a significant increase in external notifications of breaches to 63% in 2022, indicating stronger collaboration between organizations and security partners in incident detection.
  • Detection capabilities improved across regions, with North America decreasing median dwell time to 10 days, while EMEA and APAC also showed enhancements, though with regional variability.
  • Attacks involving exploits remained dominant, with 32% initiating through exploit vectors, and phishing returning as a key initial infection method at 22%, illustrating persistent social engineering tactics.
  • Threat groups evolved with more multi-actor campaigns, including nation-states like Russia and China, and financially motivated groups, many leveraging malware families, with 588 new malware families tracked in 2022.
  • Attack techniques diversified, with adversaries increasingly using stolen credentials, exploiting vulnerabilities like Log4j, and leveraging opportunistic compromises for broader malicious activities such as crypto-mining and spam.
  • The report underscores the importance of proactive detection, collaborative intelligence sharing, and continuous adaptation to emerging attack vectors and threat actor behaviors in the evolving cybersecurity landscape.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)
