Cybercriminals continue to find more advanced ways to penetrate company networks. According to a report released by FireEye’s Mandiant division on Tuesday, cybercriminals can use a phishing attack to gain access to employee credentials and send messages from internal email accounts in as little as 30 minutes.
Insights from the 2014 report were drawn from hundreds of Mandiant clients over 30 different industries. It is easy to see how financial motivation plays a role in cyberattacks with so much credit card and social security number information stored in accounts. In the last year hacks at Anthem, JP Morgan, Home Depot, Kmart, Dairy Queen, Xbox, Sony and ICANN have exposed millions of credit card numbers, social security numbers, email addresses, passwords and financial information. FireEye also recently reported on a group specifically targeting financial institutions in an insider trading scheme.
“Threat actors are not only interested in seizing the corporate crown jewels but are also looking for ways to publicize their views, cause physical destruction, and influence global decision makers,” indicating that financial motivations are not the only ones at play in cyberattacks. “Private organizations have increasingly become collateral damage in political conflicts. With no diplomatic solution in sight, the ability to detect and respond to attacks has never been more important.”
All industries continue to be targeted by hackers, but the sectors experiencing the biggest increase in this report were entertainment, with a six percent increase from 2013, and financial services, with four percent. Companies were actually less likely to discover their own internal breaches, and most of them were notified of a breach by an external entity. The average number of days from attack to detection was 229. While this is 14 days fewer than in 2012, it is still almost eight months of possible data loss.
Simple phishing is still widely used and effective, mimicking emails sent from IT 44 percent of the time. Hackers impersonate the targeted company's IT department to gain access to credentials. According to a recent WHIR podcast, educating employees is a key factor in preventing this type of attack.
According to a case study in the report, it took hacking group SEA just 22 minutes from the time a phishing email was sent to the time they were logged in to webmail using an employee’s credentials.
“After the initial phishing campaign, the SEA used the compromised credentials to access the news agency’s externally available email system, which did not require two-factor authentication,” according to the report. Ignoring simple security measures such as two-factor authentication is often a factor in cyberattacks, Andrew Avanessian, EVP of Avecto Consultancy & Technology Services, said in a WHIR interview.
“But this evolving threat landscape, while complicated, need not be discouraging. To attack the security gap, organizations need smart people, visibility into their networks, endpoints, and logs,” the report said. “Organizations also need actionable threat intelligence that identifies malicious activity faster.”
The government is responding to the evolving threat landscape by attempting to facilitate more communication between attacked entities. Recently, the President signed an executive order to promote sharing of threat information between the government and the private sector and established a new cybersecurity agency called the Cyber Threat Intelligence Integration Center (CTIIC) to monitor, collect information on and analyze potential threats.