Targeted and malware attacks on European organisations doubled in the first half of 2014 with government, energy, finance and telecoms in the UK and Germany the hot targets, according to FireEye’s latest EMEA Threat Report.
At Techworld, we always publish these sorts of analyses with caveats because there are usually at least one or two. In this instance, while it is possible that the Advanced Persistent Threats (APTs) FireEye pays attention to have risen during the period it is also possible that they are simply being better detected than they were before.
Similarly, that Germany (the EU’s largest economy) and the UK (by some measures the second largest economy and also the US’s biggest EU ally) would be popular targets for what are almost certainly largely Russian, Chinese and possibly Syrian attacks is not surprising.
That said, FireEye’s numbers are drawn from its own customers among that sensitive group, so any rise is interesting.
The firm’s statistics from its FireEye Dynamic Threat Intelligence (DTI) cloud (which it says has been filtered to weed out ordinary criminality), showed that the number of unique malware attacks had doubled from around 10 percent of all malware to closer to 20 percent in only six months.
Top targets were the UK (17 percent), Germany (12 percent), Saudi Arabia (10 percent), Turkey (9 percent), and Switzerland (8 percent), with a range of smaller European nations showing smaller figures.
FireEye’s charts also underline that there is barely a country on earth that isn’t getting some of this kind of APT traffic these days, with South Africa, Ireland and even Monaco on the hit list.
FireEye’s explanation for the apparent ordering of targeted countries is the concentration of verticals in each, with finance (16 percent), telecom (13 percent) and energy (12 percent) not far behind the Government (28 percent) in terms of popularity.
Attackers were also attempting to penetrate networks of targets using trusted partners, for instance getting inside local government departments as a way of probing central government.
DarkComet, njRAT (LV), Taidoor, and XtremeRAT were the most commonly-detected families of attack malware, all popular with Chinese and Syrian attackers.
“Advanced attacks are the new reality for business and government,” said FireEye EMEA VP, Richard Turner.
“By preparing an effective defensive strategy, organisations can avoid the risk of sitting on the sidelines as their data and intellectual property find their way to competitors, adversaries or hacktivists."
FireEye's prominent anti-APT credentials remains good, as its recent co-operation with a range of rivals to counter the Chinese Hidden Lynx attacks held responsible for the infamous Aurora attacks on Google in 2010 has underlined.