August 14, 2006 -- (WEB HOST INDUSTRY REVIEW) -- Security consultant Mandiant (mandiant.com) announced last week that its latest research has found that hackers are more frequently using rogue Active Server Pages (ASP) as a way into a Web server in order to remotely view, copy or delete files, according to a report by Information Week.
Kevin Mandia, president of Mandiant, spoke at the Black Hat conference in Las Vegas, Nevada, where he shared research results showing that attackers are using increasingly sophisticated methods to evade detection and make life difficult for security incident response teams.
Mandia says the sophistication of hackers' tools is outpacing that of investigators' forensic tools, and one of the consequences is that incident response teams charged with investigating attacks on networks are taking between five and eight days to find malicious code.
As incident response teams search for the malicious code, the most common assumption is that a hacker has used kernel-level rootkits to access sensitive internal data. Rootkits are software tools designed to hide running processes, files or system data and enable attackers to maintain control over a system without the user's knowledge. A kernel-level rootkit takes this a step further by adding or modifying part of the kernel code. Although Windows security breaches make up the majority of security incidents, the kernel-level rootkits Mandia has come across thus far have been Linux-based.
Mandia says the main reason hackers aren't running kernel-level rootkits as much anymore and are choosing the ASP route instead is that rootkits can make systems unstable, which could blow their cover.
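One way a responder can shorten the hunt for a rogue ASP page, as an added example that is not from the article or from Mandiant: compare the .asp resources actually served in the IIS W3C logs against an inventory of the pages the site is supposed to have. The inventory and the log excerpt below are constructed for the example; any .asp page that returns 200 but is not in the inventory is reported for review.

```python
"""Triage IIS W3C logs for served .asp pages that are missing from a known baseline."""

# Constructed inventory of the pages the site is supposed to serve (assumption).
KNOWN_ASP_PAGES = {"/default.asp", "/login.asp", "/orders/list.asp"}

# Constructed IIS W3C log excerpt; field order follows the #Fields directive.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip sc-status
2006-08-10 02:14:07 10.0.0.5 GET /default.asp - 192.0.2.10 200
2006-08-10 02:14:09 10.0.0.5 GET /login.asp - 192.0.2.10 200
2006-08-10 03:41:22 10.0.0.5 GET /images/upd.asp - 198.51.100.7 200
2006-08-10 03:41:40 10.0.0.5 POST /images/upd.asp - 198.51.100.7 200
2006-08-10 03:42:01 10.0.0.5 GET /orders/list.asp - 192.0.2.22 200
2006-08-10 03:50:13 10.0.0.5 GET /old/test.asp - 198.51.100.7 404
"""


def parse_w3c(text):
    """Yield one dict per log record, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue  # other directives and blank lines
        if fields is None:
            raise ValueError("log data appears before the #Fields directive")
        yield dict(zip(fields, line.split()))


def find_unknown_asp(text, known=KNOWN_ASP_PAGES):
    """Return {uri_stem: {"clients": set, "hits": int}} for .asp pages that were
    served (HTTP 200) but are absent from the baseline inventory."""
    findings = {}
    for rec in parse_w3c(text):
        stem = rec["cs-uri-stem"].lower()
        if not stem.endswith(".asp") or stem in known:
            continue
        if rec["sc-status"] != "200":
            continue  # a 404 means no page exists on disk to investigate
        entry = findings.setdefault(stem, {"clients": set(), "hits": 0})
        entry["clients"].add(rec["c-ip"])
        entry["hits"] += 1
    return findings


if __name__ == "__main__":
    for stem, info in find_unknown_asp(SAMPLE_LOG).items():
        print(f"{stem}: {info['hits']} hits from {sorted(info['clients'])}")
```

The stems it reports are candidates for a file-timestamp and content review on the server, not a verdict; a legitimate page that was simply left out of the inventory will show up the same way.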
The report adds that profit-motivated attackers usually operate by hacking a victim's PC and installing a keystroke logger or by getting their victims to fall for phishing scams. Mandia says these attacks are tough to stop because the attackers tend to work quickly and leave little evidence behind.