Cybersecurity company Mandiant has released its 16th annual M-Trends Report, based on frontline investigations and remediations of high-impact cyberattacks worldwide throughout 2024.
The report details infostealer malware proliferation and the threat to enterprise systems, North Korean IT worker insider threats going global, the Iranian threat landscape, including rising custom malware and Israeli targeting, cloud and SaaS data theft, and the cost of misconfigs and identity gaps.
Key findings and stats include:
-
Financially motivated actors rise, as espionage dips: Of the threat groups tracked by Mandiant, 55% of threat groups active in 2024 were financially motivated, a steady increase from 52% in 2023 and 48% in 2022. Eight per cent of threat groups were motivated by espionage, a slight decrease from 10% in 2023.
-
Stolen credentials reach a new high: The most common initial infection vector was exploits (33%) for the fifth consecutive year. Stolen credentials (16%) rose to the second most common in 2024, marking the first time this vector has reached this level and demonstrating its rising popularity. The remaining top five vectors include email phishing (14%), web compromises (9%), and prior compromises (8%).
-
The most frequently targeted industries: Financial (17.4%), business and professional services (11.1%), high tech (10.6%), government (9.5%), and healthcare (9.3%). These targeting trends are mostly consistent with prior years.
-
External sources first alerted organisations of a compromise 57% of the time in 2024, while 43% of the time it was identified internally. External notifications are divided into 43% from entities such as law enforcement and cybersecurity vendors, and 14% from adversaries, often in the form of ransom notes.
-
Global median dwell time rose to 11 days from 10 days in 2023, but is still below the 16 days reported in 2022.
“The findings in this year’s M-Trends report reinforce a critical truth for organisations across JAPAC; threat actors continue to adapt and innovate, and so must our defences,” said Mandiant Consulting Asia Pacific Managing Director Vivek Chudgar. “With exploits accounting for 64% of initial infection vectors in our region, which is nearly double the global average, it’s clear that attackers are laser-focused on exploiting vulnerabilities at scale.”
“At the same time, nearly 70% of compromises were detected by external parties, underscoring a continued need to improve internal visibility and response capabilities,” he added. “As financially motivated threats grow more sophisticated, our collective resilience depends on proactive threat intelligence, faster detection, and a relentless focus on closing security gaps before adversaries can exploit them.”
You can read the full report here.
