Technology continues to advance at a rapid rate.
And so do the skill sets of cyber criminals.
According to a recent report by the Mandiant Consulting division of cyber security firm FireEye, cyber criminals can now routinely use a phishing attack to gain access to employee credentials – and then send messages from internal email accounts – in as little as 30 minutes.
That’s half an hour’s worth of work. To undo untold hours, days, months and years that have been poured into building and protecting your business.
FireEye is a Silicon Valley-based cyber security company that provides dynamic malware protection against advanced cyber threats. On its website, FireEye claims to “protect 5 of the 6 top U.S. telecom companies, 5 of the top 10 financial institutions, 7 of the top 10 energy companies, 7 of the top 10 high-tech companies.” They definitely know what they’re talking about on the subject of cyber security. And they have the report to prove (and expound upon) it.
The report, entitled “Threat Report: M-Trends 2015: A View from the Front Lines,” features insights and information obtained from hundreds of Mandiant incident response investigations in more than 30 different industry sectors. The report provides key insights, statistics and case studies illustrating how the tools and tactics of “advanced persistent threat (aka APT) actors” have evolved over the previous year.
In addition to revealing insights and details on cyber criminals’ startling efficiency and speed, the report claimed that cyber criminals often have access to their victims’ sensitive and supposedly confidential environments for well over 200 days before they are discovered or caught. The report also stated that some 69% of victims learn that their information and data have been compromised only after a third party alerts or informs them of the data breach.
While the report indicates that all industries continue to be targeted by aggressive and increasingly skilled cyber criminals and hackers, the sectors experiencing the biggest increase, per the report, were entertainment (6% surge) and financial services (4% uptick). The report also claimed that companies and organizations were actually less likely to discover their own internal breaches, as most of them were notified of a breach by an external entity.
Amazingly, the average number of days from attack to detection was 229 – or more than seven full months. This number is down 14 days from the average time lapse in 2012, but it is obviously still a staggeringly long period of time for any organization to be exposed or vulnerable to cyber criminals.
The report also stated that simple phishing is still highly effective and often utilized. Some 44% of the time, this strategy involves mimicking emails sent from an organization’s IT personnel. Hackers and cyber criminals frequently impersonate the targeted company or organization’s IT department in order to gain access to credentials.
One case study in the report outlines how it took a hacking group known as SEA a mere 22 minutes from the time a phishing email was sent to the point where they were logging into supposedly confidential and private webmail accounts using an employee’s credentials.
“After the initial phishing campaign, the SEA used the compromised credentials to access the news agency’s externally available email system, which did not require two-factor authentication,” read the report.
The fascinating and detailed report also addresses how the lines are being blurred between nation-state attacks and cyber crime. In turn, this is making it harder and harder to determine just who these cyber criminals are – and where they are. Over the past year in particular, the report states, “threat actors” have used a variety of stealthy new tactics to move laterally and maintain a presence in victim environments.
“Threat actors are not only interested in seizing the corporate crown jewels but are also looking for ways to publicize their views, cause physical destruction, and influence global decision makers,” reads one section of the report. “Private organizations have increasingly become collateral damage in political conflicts. With no diplomatic solution in sight, the ability to detect and respond to attacks has never been more important.”
The report also outlines approaches Mandiant principals believe organizations should take to improve their detection, containment and response to these increasingly advanced attacks.
“But this evolving threat landscape, while complicated, need not be discouraging,” read the report in part. “To attack the security gap, organizations need smart people, visibility into their networks, endpoints, and logs. Organizations also need actionable threat intelligence that identifies malicious activity faster.”
When it comes to smart people offering business IT support services to your organization, Be Different Solutions can help you find the right mix of talent, so you can minimize the risk of successful attacks on your IT infrastructure.
The business IT support professionals we outsource to your organization are not only intelligent, but hard-working, ethical and responsible. They’re also operating from either our U.S.- or Europe-based offices, as opposed to some far-flung location halfway around the world.
And we promise not to wait anything close to 229 days to respond to you.