Advanced cyberattacks can go undetected for typically 229 days

11 Apr 2014

An advanced cyberattack on an organisation can often go undetected for a median of 229 days, suggests the latest Mandiant M-Trends report, which highlights increased activity by Iran-based hackers scoping out vulnerabilities in energy and government bodies.

According to the fifth annual Mandiant M-Trends report, Beyond the Breach, the average number of days attackers were present on a victim’s network before being discovered dropped to 229 days in 2013 from 243 in 2012.

This improvement is incremental relative to the drop from 416 days in 2011, however, organisations can be unknowingly breached for years. The longest time an attacker was present before being detected in 2013 was six years and three months.

The report found organisations in general are yet to improve their ability to detect breaches. In 2012, 37pc of organisations detected breaches on their own; this number dropped to just 33pc in 2013.

Phishing emails largely look to capitalise on trust in IT departments. Some 44pc of the observed phishing emails sought to impersonate the IT departments of the targeted organisations. The vast majority of these emails were sent on Tuesday, Wednesday and Thursday.

Iran-based hackers conduct reconnaissance on energy and government sectors

The report found that political conflicts increasingly have cyber components that impact private organisations. Over the past year, Mandiant responded to an increased number of incidents where political conflicts between nations spawned cyberattacks that impacted the private sector.

Specifically, Mandiant responded to incidents where the Syrian Electronic Army (SEA) compromised external-facing websites and social media accounts of private organisations with the primary motive of raising awareness for their political cause.

Mandiant warned that suspected Iran-based threat actors conduct reconnaissance on the energy sector and state government. Multiple investigations at energy-sector companies and state government agencies of suspected Iran-based network reconnaissance activity indicates that threat actors are actively engaging in surveillance activities. While these suspected Iran-based actors appear less capable than other nation-state actors, nothing stands in the way of them testing and improving their capabilities.

FireEye acquired Mandiant at the start of this year in a deal worth more than US$1bn. A year ago, Mandiant revealed plans to create 100 new security jobs in Dublin with the establishment of an engineering and security operations centre in the city.

Last May it emerged up to 150 new jobs will be created at FireEye in Cork, which is establishing its EMEA technical support centre in the city. The new centre will be a strategic centre for FireEye and will have a central role in supporting international growth.

Mandiant is a Silicon Republic Featured Employer, comprised of top tech companies that are hiring now

Cyberdefender image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years