Impersonating IT departments in spear-phishing attacks is becoming an increasingly popular tactic among hackers, particularly in cyber-espionage attacks.
IT staff themed phishing emails comprised 78 per cent of observed phishing schemes picked up by FireEye in 2014, compared to just 44 per cent in 2013.
The sixth annual FireEye Mandiant M-Trends report, published on Tuesday, reports that organisations are getting slightly speedier at picking up trespassers in their network. Breach detection times dropped from 229 days in 2013 to 205 days last year. The slight improvement still means that successful hacker attacks remain undetected for months.
In some cases breaches can go undetected for years. One unnamed organisation that Mandiant helped in 2014 had been unknowingly breached for more than eight years, an admittedly extreme case that spotlights a more general failing to pick up breaches before vast data caches are compromised and extracted.
Mandiant’s security incident response work picked up a common thread in major retail breaches last year. Retailers reckoned their virtual machines were sufficiently secured but did not implement two-factor authentication, meaning a single stolen user credential could make their entire network vulnerable.
Hackers are adopting more sophisticated and stealthy tactics. Mandiant said it had witnessed more attackers utilising complex tactics including using Windows Management Instrumentation to avoid detection.
More details can be found in the 2015 Mandiant M-Trends report (PDF). ®