Blog

M-Trends 2022: Cyber Security Metrics, Insights and Guidance From the Frontlines

Jurgen Kutscher
Apr 19, 2022
3 min read
|   Last updated: Mar 16, 2023
Mandiant
Incident Response
Threat Intelligence
Ransomware
Advanced Persistent Threats (APTs)
Financial Threat Groups (FIN Groups)
Uncategorized Groups (UNC Groups)
Remediation
M-Trends

The modern threat landscape is vast. Cyber attacks related to the conflict in Ukraine are surging. Critical and pervasive vulnerabilities such as “Log4Shell” have led to massive risk due to complexity of patching. Cyber criminals are conducting sophisticated ransomware and extortion operations at a rising tempo.

The work of the cyber security community is never done, but our willingness to remain relentless in our efforts is paying off. This is reflected in the latest edition of our annual report, M-Trends® 2022, which is released today.

Let’s start with the big question we know everyone is itching to know: Are organizations detecting attacks faster?

The answer is yes. We are pleased to report that from Oct. 1, 2020, to Dec. 31, 2021, the global median dwell time (the time from compromise to discovery) is now 21 days—down from 24 days in the previous reporting period. A three-week global median dwell time is a great milestone; however, a determined attacker only needs a few days to reach their objective, so organizations must remain vigilant and ready to respond.

M-Trends 2022 contains all the metrics, insights, and guidance the cyber security industry has come to expect, including:

  • Linux Malware Uptick: Newly tracked malware families effective on Linux increased to 11% in 2021 compared to 8% in 2020. Further, observed malware families effective on Linux increased to 18% in 2021 from 13% in 2020.
  • More Threats: We started tracking over 1,100 new threat actors and over 700 new malware families in the past year, and there is no indication that this trend will slow down anytime soon.
  • Ransomware Targeting: Financially motivated attackers are increasingly targeting virtualization environments with ransomware, and there are strategies that can be implemented to mitigate risk.
  • Multiple Threat Actors at Work: Whether working separately or together, more than one distinct threat group was identified in an environment for a quarter of our investigations—a trend we expect to see increase.
  • Mining a Little Deeper: The deployment of cryptocurrency coin miners by one financially motivated threat group led to the discovery of two nation-state actors in the same environments, highlighting the need for properly scoped investigations
  • Misconfiguration Mitigations: We observed various compromises due to misconfigurations when using on-premises Active Directory with Azure Active Directory to achieve a single integrated identity solution.

For over a decade, the mission of M-Trends has always been the same: to arm security professionals with insights on the latest attacker activity as seen directly on the front lines, backed by actionable learnings to improve organizations’ security postures within an evolving threat landscape.

Download M-Trends 2022 right now, register today to join the M-Trends 2022 Virtual Summit on April 27 to get a closer look from experts about the data and insights in this year’s report, and listen to our M-Trends 2022 podcast.