UK in the Crosshairs as EMEA APTs Double

Advanced targeted attacks against FireEye customers nearly doubled over the first half of 2014, with the UK singled out as the country impacted the most in EMEA.

FireEye’s Regional Advanced Threat Report for 1H 2014 analysed data from the firm’s Dynamic Threat Intelligence (DTI) cloud to reveal that APT-style attacks grew across EMEA from a little over 10% in January to almost 20% in June 2014.

The UK was targeted the most, accounting for 17% of attacks, followed by Germany (12%), Saudi Arabia (10%) and Turkey (9%).

The findings correlate with research by Proofpoint last month which found that unsolicited emails headed for UK inboxes are around three times as likely to contain a malicious URL as those aimed at US, German or French users.

“APTs most often start with advanced email attacks such as spear-phishing and ‘longlining’ which con recipients into clicking a malicious link that gives the attacker control of the recipient’s PC or device,” said Proofpoint EMEA director, Mark Sparshott.

According to the FireEye report, some 12 verticals were targeted in the UK, by far the highest number of any country in EMEA, followed by Germany (7).

Across the region, government (28%) continued to be the biggest hit sector, followed by financial services (16%) and telecoms (13%).

As for malware, DarkComet (38%) was the most prolific, followed by njRAT (19%) and XtremeRAT (19%).

It’s been a busy week for FireEye, which earlier alerted users to two new zero-day vulnerabilities being used in targeted attacks against major corporations.

Exploits for CVE-2014-4148 and CVE-2014-4113 both targeted the Windows kernel, but the flaws were patched by Microsoft in its October security update on Tuesday.

Also this week, it was revealed that FireEye teamed up with a coalition of security vendors including F-Secure, iSight, Symantec and ThreatConnect, as well as Microsoft and Cisco, to take on a prolific Chinese APT group.

Led by analytics firm Novetta and using Microsoft’s Malicious Software Removal Tool (MSRT), the coalition has sought to detect and remediate malware associated with the group.

This includes the Hikit malware family and other associated backdoor strains such as Mdmbot and Moudoor, itself derived from the notorious Gh0st RAT.
