
FireEye Report: U.S., South Korea Are Top APT Targets

Source: Tom's IT Pro

FireEye has published its 2013 Advanced Threat Report, which documents a global expansion of malware attacks, with attack servers located in 206 countries and territories.

The data within the report represents an estimated 40,000 unique cyber-attacks and over 22 million malware command and control (CnC) communications. The report provides a global look into cyber-attacks that routinely bypass traditional defenses such as firewalls, intrusion prevention systems (IPS), antivirus, and security gateways.


The report only describes attacks that met the following criteria:

  • The attack occurred in 2013.
  • The attack was aimed at a FireEye customer.
  • The customer agreed to share its attack metrics with FireEye.

Within the parameters above, the report gives an overview of the current threat landscape and the changing advanced persistent threat (APT) tactics and targets.

The report also shows the countries where advanced attacks are most prevalent and offers a detailed look at trends within specific industries. It includes a case study based on PIVY (Poison Ivy), a known and publicly available malware tool that has been around since 2008, to show how easily APT actors can use free software for cyber attacks.

There are also sections that provide information regarding Java attacks, web browser attacks, application sandbox escapes, and zero-day campaigns.

Some of the key points from the 2013 Advanced Threat Report include:

  • Between 2012 and 2013, malware attacks on enterprise systems doubled in frequency, from one attack every 3 seconds to one every 1.5 seconds.
  • The number of countries hosting malware attack servers increased from 184 in 2012 to 206 in 2013.
  • The countries that most commonly hosted malware attack servers were the U.S., Germany, South Korea, China, the Netherlands, the United Kingdom, and Russia.
  • The top 10 countries that were most frequently targeted by APTs were:
      1. United States
      2. South Korea
      3. Canada
      4. Japan
      5. United Kingdom
      6. Germany
      7. Switzerland
      8. Taiwan
      9. Saudi Arabia
      10. Israel
  • The top vertical markets that were most frequently targeted by APTs:
      1. Government
      2. Services/consulting
      3. Technology
      4. Financial services
      5. Telecommunications
      6. Education
      7. Aerospace/Defense
      8. Government (State/Local)
      9. Chemicals
      10. Energy
  • Java attacks were the most common zero-day tool of choice for cyber-attacks in the first half of 2013.
  • In the second half of 2013, FireEye saw a significant increase in the number of Internet Explorer (IE) zero-day attacks in which an attacker compromises a key website so that visitors whose IE browsers are vulnerable to the exploit are compromised. Attacks primarily targeted older versions of IE such as 7.0 and 8.0, although there was an increase in the number of more recent versions of IE being targeted.
  • Web-based attacks also increased significantly compared with email-based attacks.

"The increasing frequency at which cyber attacks are happening illustrates the allure of malware to those with malicious intentions. Across the board, we are seeing a global expansion of APTs, malware, CnC infrastructure, and the use of publicly available tools to facilitate the attack process. The global scale of the threat has put cyber defenders in the very difficult position of not having any clue where the next attack will come from," said Dr. Kenneth Geers, senior global threat analyst at FireEye.

To obtain a copy of the 2013 FireEye Advanced Threat Report, visit www2.fireeye.com.
