FireEye, the leader in stopping today’s advanced cyber attacks, introduces an overview of the threat landscape in the UK for the first half of 2015 in its Regional Advanced Threat Report (ATR) for EMEA. FireEye has examined the activity, attempts and targets of different Advanced Persistent Threats (APT) in the first six months of this year. The report is based on data from the FireEye Dynamic Threat Intelligence™ (DTI™) cloud and highlights the growing footprint of [A][a]dvanced [A][a]ttacks against enterprises in the UK.
“What we once knew as the network perimeter no longer exists and to add to that advanced attacks are not going away. Organisations need to recognise that the traditional ways of protecting themselves are simply inadequate today,” said Richard Turner, President EMEA at FireEye. “A single successful advanced attack has the potential to wreak operational and economic havoc on both governments and businesses.”
According to the data gathered by FireEye, the most targeted industries in the UK are education, energy and financial services which account for more than two thirds (68%) of all observed attacks in the UK. The verticals targeted in the UK in order of rank are:
- Education
- Energy/Utilities
- Financial services
- Aerospace/Defense
- High-Tech
- Telecom
- Entertainment/Media/Hospitality
- Government: State & Local
- Manufacturing
Although FireEye found that the UK remains in the top five most targeted countries in EMEA, the UK has dropped from number one in 2014 into fifth place for the first half of this year. The majority of targeted attacks on UK enterprises that are having the most impact come from StickyFingers, a malware which is associated with persistent threat groups including APT18 and APT26, two identified Chinese APT groups. Sticky Fingers, also known as QUICKBALL, is a simple DLL backdoor that is used by China-based advanced persistent threat actors to gain reverse shell access to infected systems. It has been observed in the healthcare, high-tech, consulting, manufacturing, energy and utilities, telecommunications, aerospace, education, and legal services industries.
Richard Turner comments: “Today’s cyber resilient organisations work on the assumption that they will be breached at some point and have rebalanced their security investments to ensure they can rapidly return to normal productive operation following an attack. It’s critical that organisations have appropriate response strategies in place, which should include partnerships with organisations that have the technology and expertise to sufficiently mitigate the business risks. These are decisions that need to be made at a boardroom level and not just within the IT department.”
Across the wider EMEA region, the FireEye report reveals that incidents of malware attacks increased in the first half of 2015. Unique infections grew more steadily month on month across EMEA, demonstrating the persistence of criminal threat actors.
To view the full report, please visit: http://www2.fireeye.com/rs/848-DID-242/images/fe-rpt-regional-atr-emea.pdf