Hackers impersonating IT staff popular tactic in data breaches, FireEye finds

FireEye's Mandiant M-Trends report says impersonation and social engineering are now key tactics used by cybercriminals targeting corporations.
Written by Charlie Osborne, Contributing Writer

Fresh FireEye research suggests that today's cyberattackers are becoming smarter about the systems they seek to break, and are commonly using impersonation and social engineering to tap into the most common weakness in the security chain -- employees.

In its sixth annual M-Trends report, which tracks the threat landscape and emerging threat actors, FireEye says that cybersecurity has now gone beyond the boardroom and has entered the mainstream thanks to the number of high-profile security breaches in 2014. While companies are taking less time to discover a data breach, hackers are smarter about the way they conduct themselves -- and a lack of basic security safeguards is leaving businesses vulnerable.

Over the past year, companies and organizations including US retailer Target, Sony, Staples and JPMorgan have been struck by separate cyberattacks leading to the loss of millions of customer and employee records -- including sensitive data, credit cards and personal information which could be used in identity theft.

Not only do security breaches potentially cost businesses a fortune in damage control, forensics and security improvements, but these firms are also left with a hefty bill in granting affected consumers credit monitoring services and compensation.


The report suggests that a common thread in these data breaches is a lack of basic security protocols, such as two-factor authentication. Retailers may believe their virtual machines are safe, but without two-factor authentication safeguards, a single stolen credential -- taken through phishing campaigns or social engineering -- can leave an entire network vulnerable.

"As the events of 2014 demonstrated, there is no such thing as perfect security," said Kevin Mandia, SVP and COO of FireEye. "Based on the incidents that Mandiant investigated in 2014, threat actors have continued to evolve, up their game, and utilise new tools and tactics to compromise organisations, steal data and cover their tracks."

The "M-Trends 2015: A View from the Front Lines" research includes a number of key findings, such as the drop in the average time a company takes to detect a data breach. FireEye's Mandiant cyberforensics team says that the number of days it takes to discover a breach fell to 205 days in 2014, from a previously estimated 229 in 2013 and 243 in 2012. However, network intrusions can still go undetected for years -- in one case, a company which contacted Mandiant in 2014 had been breached for over eight years without knowing.

As cyberattacks increase in complexity and sophistication, companies do not always have the security teams and expertise in-house to detect them. Another trend across the past 12 months is increased reliance on outside, specialist security companies to detect breaches.

In 2014, only 31 percent of organisations discovered through their own resources that they had been breached -- down from 33 percent in 2013 and 37 percent in 2012.

Social engineering, phishing campaigns and the impersonation of legitimate IT personnel are also on the rise. The security firm says that through 2014, FireEye observed hackers impersonating IT staff in 78 percent of phishing schemes directed at companies, in comparison to just 44 percent in the previous year.

Several highlights of new and more innovative tactics employed by cybercriminals targeting a business are below:


Once they have infiltrated a network, cybercriminals are being smarter about where to hide. Just as hackers are becoming more sophisticated when it comes to accessing the most complex parts of hardware, Mandiant also observed more attackers than ever utilizing "complex" tactics to avoid detection -- such as hiding away through Windows Management Instrumentation.

Finally, the report says that chip-and-pin (EMV) technology, now becoming more widely used, has resulted in an increase in e-commerce attacks. Over 2014, Mandiant responded to more requests for help due to compromised companies and payment processors than ever before, which could result in an increase in EMV-based cyberattacks in the United States as the country begins to adopt the technology.
