Overview of the advanced persistent threats (APT) in the first half of 2014

Posted by ISL Admin on Tuesday, November 18, 2014
The Advanced Threat Report for EMEA provides an overview of the advanced persistent threats (APT) targeting computer networks that FireEye discovered in EMEA during the first half of 2014. Motivated by numerous objectives, threat actors are raising their level of sophistication to steal personal data and business strategies, gain a competitive advantage or degrade operational reliability.
This report summarizes data from the first half of 2014 gleaned from the company's Dynamic Threat Intelligence (DTI) cloud.
Based on this information and insight, the company reports the following:
  • Malware attacks—especially advanced targeted attacks—have nearly doubled in the first half of 2014
  • The UK and Germany were the most targeted countries
  • Government, financial services, telecommunications and energy were the most targeted verticals.
Government, Financial Services and Telecom organizations represent more than 50% of total APT detections, and all are considered strategic industries.

Non-targeted cybercrime is a growing and serious risk to individuals and organisations in EMEA. As stated in the report, the authors behind two popular remote access tools (RATs), njRAT and h-w0rm, likely reside in Kuwait and Algeria. While both tools have been used in targeted attacks against companies in the energy and telecommunications sectors, they have also been used in run-of-the-mill phishing and cybercrime attacks. Cyber criminals will often harvest credentials or financial information by logging keystrokes or grabbing credentials stored by a web browser. FireEye expects that high-profile organisations in the Middle East and North Africa, particularly government and military entities, face a high risk of targeting by hacktivists based inside and outside the region.


Saudi Arabia, Turkey and Qatar (not displayed on the map) have a 10%, 9% and 5% detection rate respectively.

The report concludes with five success factors:

  1. Assume you and your organisation are a target and that your existing security controls can be bypassed
  2. Establish a cyber-risk framework that enables the business with board level sponsorship
  3. Establish an incident response/management service in a SOC/CIRT team to be able to detect and react to an APT event quickly
  4. Enhance your visibility with external threat intelligence to understand who might attack you and how to avoid the tools, techniques and procedures they use
  5. Bring in the right technology that could identify an APT.
