Phishers find most success midweek, masquerading as IT, report finds

The firm found that 93 percent of phishing emails were sent out on weekdays.

A trends report noted when organizations are most likely to take malicious email bait sent from threat actors.

According to incident response and forensic firm Mandiant, 93 percent of phishing emails were sent on weekdays – with the most popular day being Wednesday.

In the company's M-Trends report (PDF), released Thursday, which analyzed points of initial compromise leading to breaches in 2013, Mandiant also found that 44 percent of phishing emails targeting companies were made to look like correspondence from firms' IT departments.

On Friday, Laura Galante, manager of threat intelligence for Mandiant, told SCMagazine.com in an interview that the social engineering trend remained a common attack method through the first quarter of this year, as well.

“We were able to go in and see the initial compromise, in this case, [by] looking at spear phishing emails,” Galante said.

In the M-Trends report, Mandiant studied security incidents impacting hundreds of clients throughout more than 30 sectors.

Of note, the firm saw a spike in threat actor activity targeting the financial services and media and entertainment industries last year, as compared to 2012. Last year, 15 percent of attacks struck the finance sector, while 13 percent of malicious activity occurred at media and entertainment organizations, the report said.

Galante added that, regardless of the attack method used, enterprises must begin to take note of the wide range of data stolen by advanced persistent threat (APT) groups, which use the information to assemble profiles on target organizations.

In particular, the report revealed the wealth of data obtained by China-based APT groups, which often doesn't make headlines.

“These Chinese threat groups want a more holistic, programmatic understanding of companies,” Galante said. “The Chinese attackers are doing that by taking executive emails, business processes, information from meeting minutes and organizational charts. What this means is that organizations should think of how to redefine their information assets,” she said.
