The Channel logo

News

By | John Leyden 24th February 2015 13:02

Don't be fooled! He's not from the IT crowd... he's a CYBERSPY – FireEye

Is that Tom the techie or a Chinese spear-phisherman?

Impersonating IT departments in spear-phishing attacks is becoming an increasingly popular tactic among hackers, particularly in cyber-espionage attacks.

IT staff themed phishing emails comprised 78 per cent of observed phishing schemes picked up by FireEye in 2014, compared to just 44 per cent in 2013.

The sixth annual FireEye Mandiant M-Trends report, published on Tuesday, reports that organisations are getting slightly speedier at picking up trespassers in their network. Breach detection times dropped from 229 days in 2013 to 205 days last year. The slight improvement still means that successful hacker attacks remain undetected for months.

In some cases breaches can go undetected for years. One unnamed organisation that Mandiant helped in 2014 had been unknowingly breached for more than eight years, an admittedly extreme case that spotlights a more general failing to pick up breaches before vast data caches are compromised and extracted.

Mandiant’s security incident response work picked up a common thread in major retail breaches last year. Retailers reckoned their virtual machines were sufficiently secured but did not implement two-factor authentication, meaning a single stolen user credential could make their entire network vulnerable.

Hackers are adopting more sophisticated and stealthy tactics. Mandiant said it had witnessed more attackers utilising complex tactics including using Windows Management Instrumentation to avoid detection.

More details can be found in the 2015 Mandiant M-Trends report (PDF). ®

comment icon Read 9 comments on this article or post a comment alert Send corrections

Opinion

Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella
Stranded_ships

Chris Mellor

Thousands of layoffs announced as spinning rust enters its death spiral

Features

STRASBOURG, JUNE 29, 2016: The seat of the European Parliament. by Marco Aprile for shutterstock. EDITORIAL USE ONLY
Plan b, image via Shutterstock
EU workers, new markets: post-Brexit pressure on May & Co
Tough question, pic via Shutterstock
Honest mistake with your licensing? Audit police look at it on a 'case by case basis'