
Just One-Third of Organizations Discover Breaches on Their Own: Mandiant

Mandiant Releases Annual Threat Report Analyzing Advanced Targeted Attacks

FireEye-owned Mandiant has published the latest release of its Mandiant M-Trends report, which provides analysis on the threats of 2013 and highlights emerging global threat actors and the types of targets and information they have in their sights.

Compiled from threat investigations conducted by Mandiant during 2013, and now in its fifth year, the report details the tactics used by threat actors to compromise organizations and steal data.

According to Mandiant’s findings, organizations are discovering breaches in their networks faster, but still not nearly as soon as they must in order to contain damage and prevent loss of sensitive data.

Data Breach Discovery

Based on Mandiant’s investigations, breaches were discovered in 229 days on average in 2013 vs. 243 in 2012. While this improvement is a positive, it means attackers are still spending two-thirds of the year inside an organization’s network before being discovered.

“This improvement is incremental relative to the drop from 416 days in 2011, however organizations can be unknowingly breached for years,” Mandiant said. “The longest time an attacker was present before being detected in 2013 was six years and three months.”

Phishing Emails Still a Favorite Attack Tool

If it ain’t broke, don’t fix it, the saying goes, and attackers are living by that motto. In its analysis, Mandiant found that 44 percent of the observed phishing emails aimed to impersonate the IT departments of the targeted organizations. The vast majority of the malicious emails were sent on Tuesday, Wednesday and Thursday, the report said.

The dangers of phishing attacks were also recently highlighted in a report from Symantec. Approximately one in three organizations in the mining, government and manufacturing sectors were hit by at least one spear-phishing attack during 2013, according to Symantec’s recently released Internet Security Threat report. The government sector alone was the target of 16 percent of spear-phishing blocked last year, Symantec said. 

According to Mandiant, other key findings from its “Beyond the Breach” report include:

Organizations in general have yet to improve their ability to detect breaches – In 2012, 37 percent of organizations detected breaches on their own; this number dropped to just 33 percent in 2013.

Political conflicts increasingly have cyber components that impact private organizations – Over the past year, Mandiant responded to an increased number of incidents where political conflicts between nations spawned cyber attacks that impacted the private sector. Specifically, Mandiant responded to incidents where the Syrian Electronic Army (SEA) compromised external-facing websites and social media accounts of private organizations with the primary motive of raising awareness for their political cause.

Suspected Iran-based threat actors conduct reconnaissance on the energy sector and state governments – Multiple investigations of suspected Iran-based network reconnaissance activity at energy sector companies and state government agencies indicate that threat actors are actively engaging in surveillance activities. While these suspected Iran-based actors appear less capable than other nation-state actors, nothing stands in the way of them testing and improving their capabilities.

“It is hard to overstate how quickly cybersecurity has gone from a niche IT issue to a consumer issue and boardroom priority,” said Kevin Mandia, SVP and COO at FireEye. “Over the past year, Mandiant has seen companies make modest improvements in their ability to attack the security gap. On the positive side, organizations are discovering compromises more quickly, but they still have difficulty detecting said breaches on their own. It is our focus to bridge that gap and continue the positive trends our customers are seeing.”

The full report is available online in PDF format. 

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
