In some cases the examples involve the targeting of IT workers at financial services companies from whom attackers seek to steal customer data to use to launch spear-phishing campaigns, some of which involve fraudulent credit card offers that are being sent to consumers via the U.S. Postal Service.
In other cases attackers are finding lists of government employees who attend specific meetings -- often publicized online -- and using the contextual information they can gather to create targeted threats aimed at phishing sensitive information from those parties.
In some of those cases, Mandiant has seen attacks that have been carried out using the real names of participants and attendees of such meetings, with the attacks carried in e-mail attachments using the real materials discussed at the event -- and crafted to appear as if it is coming from the main speaker or organizer of the meeting.
It's hard to blame people for falling prey to the attacks when there is no evidence of fraud, and such deep contextual information being used to target individuals, he said.
"Basically, it would be very hard for anyone to suspect this level of sophistication, and typically when we identify the person, or people, involved, they couldn't be more surprised that the e-mail they opened was an attack," Mandia said. "With the phishing attempts being carried out against customers of financial services companies the materials they e-mail or snail mail to the consumers has been exactly what you would receive in a legitimate communication."
Many attacks also exhibit another extremely-troubling trend, according to the investigator -- the targeting of organizations who employ large numbers of remote employees.
With the increasing sophistication of the perimeter defenses of many large organizations, criminals are finding it easier to target end users who connect to the companies' virtual private networks (VPNs), and carry out their attacks over this trusted channel.
"Companies with large groups of home users who routinely use the VPN are being targeted directly; generally if you're sitting at a desk at work the network has a chance of detecting data theft or other attacks, but virtually no one is monitoring the data going over the VPN tunnel to people's homes, so that's where the criminals are moving," Mandia said.
On the bright side, Mandia said that companies who are at the cutting-edge of IT systems defense and data protection are discovering these attacks because they have created a system of policies and technologies that alert them to potential problems as early as possible.
In a fair number of cases, he said, even the most targeted threats are being sniffed out and blocked by those types of firms.
However, criminals are also figuring out which companies have the most attractive vaults of data, and weaker protections -- such as online retailers -- and constantly shifting their tactics to attempt to exploit those firms.
"What we're seeing is truly a radical change compared to the types of security threats that we've seen over the last fifteen years, as criminals merge physical aspects of crime with technology and social engineering," said Mandia.
"The attackers know these companies' marketing methods and the people who work for them," he said. "They're going to continue with these attacks as long as they are making their money from it, and there don't seem to be any shortage of zero days and opportunities to leverage social engineering."