Impersonating IT departments in spear-phishing attacks is becoming an increasingly popular tactic among hackers, particularly in cyber-espionage attacks.
IT staff themed phishing emails comprised 78 per cent of observed phishing schemes picked up by FireEye in 2014, compared to just 44 per cent in 2013.
More ReadingPwned so many times - but saved by the incident response plan'Chinese hackers' were sniffing SE Asian drawers for YEARSOne BEEEEEELLION sensitive records went AWOL in 2014White-listed phish slip through Google AppsCan't stop Home Depot-style card pwning, but suppliers will feel PCI regulation pain
The sixth annual FireEye Mandiant M-Trends report, published on Tuesday, reports that organisations are getting slightly speedier at picking up trespassers in their network. Breach detection times dropped from 229 days in 2013 to 205 days last year. The slight improvement still means that successful hacker attacks remain undetected for months.
In some cases breaches can go undetected for years. One unnamed organisation that Mandiant helped in 2014 had been unknowingly breached for more than eight years, an admittedly extreme case that spotlights a more general failing to pick up breaches before vast data caches are compromised and extracted.
Mandiant’s security incident response work picked up a common thread in major retail breaches last year. Retailers reckoned their virtual machines were sufficiently secured but did not implement two-factor authentication, meaning a single stolen user credential could make their entire network vulnerable.
Hackers are adopting more sophisticated and stealthy tactics. Mandiant said it had witnessed more attackers utilising complex tactics including using Windows Management Instrumentation to avoid detection.
More details can be found in the 2015 Mandiant M-Trends report (PDF). ®