Security Experts:

Connect with us

Hi, what are you looking for?


Incident Response

Just One-Third of Organizations Discover Breaches on Their Own: Mandiant

Mandiant Releases Annual Threat Report Analyzing Advanced Targeted Attacks

Mandiant Releases Annual Threat Report Analyzing Advanced Targeted Attacks

FireEye-owned Mandiant has published the latest release of its Mandiant M-Trends report, which provides analysis on the threats of 2013 and highlights emerging global threat actors and the types of targets and information they have in their sights.

Compiled from threat investigations conducted by Mandiant during 2013, and now in its fifth year, the report details the tactics used by threat actors to compromise organizations and steal data.

According to Mandiant’s findings, organizations are discovering breaches in their networks faster, but still not nearly soon as they must in order to contain damage and prevent loss of sensitive data.

Data Breach Discovery

Based on Mandiant’s investigations, breaches were discovered in 229 days on average in 2013 vs. 243 in 2012. While these improvements are a positive, it still means attackers are still spending 2/3rds of the year inside an organization’s network before being discovered.

“This improvement is incremental relative to the drop from 416 days in 2011, however organizations can be unknowingly breached for years,” Mandiant said. “The longest time an attacker was present before being detected in 2013 was six years and three months.”

Phishing Emails Still a Favorite Attack Tool

If it ain’t broke, don’t fix it, the saying goes, and attackers are living by that motto. In its analysis, Mandiant found that 44 percent of the observed phishing emails aimed to impersonate the IT departments of the targeted organizations. The vast majority of the malicious emails were sent on Tuesday, Wednesday and Thursday, the report said.

The dangers of phishing attacks were also recently highlighted in a report from Symantec. Approximately one in three organizations in the mining, government and manufacturing sectors were hit by at least one spear-phishing attack during 2013, according to Symantec’s recently released Internet Security Threat report. The government sector alone was the target of 16 percent of spear-phishing blocked last year, Symantec said. 

According to Mandiant, other key findings from its “Beyond the Breach” report include:

Organizations in general are yet to improve their ability to detect breaches – In 2012, 37 percent of organizations detected breaches on their own; this number dropped to just 33 percent in 2013.

Political conflicts increasingly have cyber components that impact private organizations – Over the past year, Mandiant responded to an increased number of incidents where political conflicts between nations spawned cyber attacks that impacted the private sector. Specifically, Mandiant responded to incidents where the Syrian Electronic Army (SEA) compromised external-facing websites and social media accounts of private organizations with the primary motive of raising awareness for their political cause.

Suspected Iran-based threat actors conduct reconnaissance on the energy sector and state governments – Multiple investigations at energy sector companies and state government agencies of suspected Iran-based network reconnaissance activity indicates that threat actors are actively engaging in surveillance activities. While these suspected Iran-based actors appear less capable than other nation-state actors, nothing stands in the way of them testing and improving their capabilities.

“It is hard to overstate how quickly cybersecurity has gone from a niche IT issue to a consumer issue and boardroom priority,” said Kevin Mandia, SVP and COO at FireEye. “Over the past year, Mandiant has seen companies make modest improvements in their ability to attack the security gap. On the positive side, organizations are discovering compromises more quickly, but they still have difficulty detecting said breaches on their own. It is our focus to bridge that gap and continue the positive trends our customers are seeing.”

The full report is available online in PDF format. 

Related Reading: Preparing for the Inevitable Data Breach

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...