Cyber attackers like to impersonate IT workers
Mandiant, the (apparent) go-to firm for the forensic investigation of high-profile breaches, has released its annual M-Trends report (registration required), which shows that the threat landscape is more complex than ever.
“Mandiant consultants’ role as the first responders to critical security incidents gives us a unique vantage point into how attackers’ motives and tactics are changing,” they say. The statistics and insights in the report are the result of hundreds of service engagements.
The 2014 threat trends are as follows:
- Cyber security has become a boardroom priority, and an issue recognized by the public and mainstream media
- Compared to the results from the 2013 report, organizations are a bit quicker to detect cyber intrusions (205 days in 2014 vs. 229 days in 2013), even though most of them (69 percent) still find out about the breach from an outside entity such as law enforcement, a supplier or a customer. As a side note: the longest that attackers remained undetected in a company’s system is a whopping 2,982 days (a little over 8 years)!
- Despite the recent high-profile Sony breach, media and entertainment companies are less targeted than in 2013. These days, the attackers are mostly interested in hitting business and professional services, retailers, and financial services
- When it comes to targeted phishing attacks, most (78 percent) phishing emails were IT or security related: attackers attempt to impersonate the targeted company’s IT department or an anti-virus vendor.
- Breach attribution is becoming more complicated as different kinds of threat actors increasingly share the same tools – cyber criminals are stealing a page from the playbook of APT actors, while APT actors are using tools widely deployed by cyber criminals
- Retailers were hit both by novice attackers and by more advanced groups, and both were effective (the report includes a relatively detailed case study of the attack against a large US retailer, and guidelines for protecting this type of organization and environment)
- While tools and tactics evolve, most incidents follow a familiar pattern.