Once inside a computer network, the attackers searched for users with privileged access in order to use their credentials to obtain high-value information, FireEye said.
Most companies do not know the number of privileged accounts on their networks. A recent survey by CyberArk, which specializes in privileged account security, found that 86 percent of enterprises do not know how many of these accounts exist.
Therefore, companies first need to get a list of the accounts and secure them by making sure that all use is monitored and recorded.
"Privileged user behavior profiling can detect a range of anomalies in the behavior patterns of individual privileged users, such as a user who suddenly accesses credentials at an unusual time of day," John Worrall, chief marketing officer at CyberArk, said in an email.
"This is a strong indicator of malicious activity or severe policy violations, whether it stems from an external hacker taking over a privileged credential, or a malicious insider."
Sign up for CIO Asia eNewsletters.