Incident Response, TDR

Phishers find most success midweek, masquerading as IT, report finds

A trends report noted when organizations are most likely to take malicious email bait sent from threat actors.

According to incident response and forensic firm Mandiant, 93 percent of phishing emails were sent on weekdays – with the most popular day being Wednesday.

In the company's M-Trends report (PDF), released Thursday, which analyzed points of initial compromise leading to breaches in 2013, Mandiant also found that 44 percent of phishing emails targeting companies were made to look like correspondence from firms' IT departments.

On Friday, Laura Galante, manager of threat intelligence for Mandiant, told in an interview that the social engineering trend remained a common attack method through the first quarter of this year, as well.

“We were able to go in and see the initial compromise, in this case, [by] looking at spear phishing emails,” Galante said.

In the M-Trends report, Mandiant studied security incidents impacting hundreds of clients throughout more than 30 sectors.

Of note, the firm saw a spike in threat actor activity targeting the financial services and media and entertainment industries last year, as compared to 2012. Last year, 15 percent of attacks struck the finance sector, while 13 percent of malicious activity occurred at media and entertainment organizations, the report said.

Galante added that, regardless of the attack method used, that enterprises must begin to take note of the wide range of data stolen by advanced persistent threat (APT) groups, which use the information to assemble profiles on target organizations.

In particular, the report revealed the wealth of data obtained by China-based APT groups, which often doesn't make headlines.

“These Chinese threat groups want a more holistic, programmatic understanding of companies,” Galante said. “The Chinese attackers are doing that by taking executive emails, business processes, information from meeting minutes and organizational charts. What this means is that organizations should think of how to redefine their information assets,” she said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.