There was some good news reported in Mandiant's M-Trends 2017 report, but this was heavily outweighed by a lot of very bad news.
Mandiant, which is a FireEye company, found that in 2016 companies became a little better at identifying breaches, with the average number of days between being compromised and discovery now at 99 days, down from 146 days in 2015. However, more than 3 months is an eternity on the internet, and cybercrime bad guys can make off with the crown jewels in just a few days. At the same time, some cybercriminals have increased their skillset to being comparable to that of a state-level actor. Guess why that is. You got it, they are the very same people. Read the story about the Yahoo hack and shiver.
In 2016 cybercriminals not only became better at their job, but continued to alter the style of their attacks, becoming more subtle. Mandiant said that in 2013 most attacks against financial institutions were all about getting in and out as quickly as possible, with little regard given to whether or not they were discovered. This was due, in part, to the rather crude tools and low skill level of those conducting the raid.
This began to change in 2014 with a more mature style of attack taking place. By 2016 attackers stepped up to using custom backdoors and further increased the resilience of their command and control infrastructure so as to maintain a presence and counter forensic techniques.
The bad guys in 2016 became not only more sophisticated and aggressive, but also went old school, calling their victims on the phone as part of the social engineering aspect of their scam.
“Perhaps the most unexpected trend we observed in 2016 is attackers calling targets on the telephone to help them enable macros in a phishing document or obtain the personal email address of an employee to circumvent controls protecting corporate email accounts,” the report stated.
“Based on our observations of trends from the past several years, organizations must adopt a posture of continuous cyber security, risk evaluation and defensive adaptation or they risk significant gaps in both fundamental security controls and – more critically – visibility and detection of targeted attacks,” the report recommended.
Part and parcel of that is inoculating employees against social engineering attacks with new-school security awareness training which includes frequent simulated phishing attacks to keep them on their toes with security top of mind.
KnowBe4's integrated training and phishing platform allows you to send fully simulated phishing emails so you can see which users answer the emails and/or click on links in them or open infected attachments.