×

Why M&A hackers are so dangerous: Mandia

A new hacking campaign that seeks to obtain inside information is particularly dangerous because antivirus software is powerless to discover it, FireEye COO Kevin Mandia told CNBC on Tuesday.

"It's not easy to detect this, and by the time you're detecting it, someone's already reading your email," he said.

FireEye disclosed on Monday that a group called FIN4 has been targeting companies involved in mergers and acquisitions in order to get market-moving information. More than 100 businesses have been impacted, according to the security research firm.

Read More Hackers target C-suite emails for M&A info

There is no malware involved, so an antivirus program has nothing to detect, Mandia said. To confirm it has been attacked, a company must crack into its email server, review its logs and look for signs someone has connected to the server from an IP address outside the company.

By that time, it's too late and proprietary information may have been stolen.

The attackers are gaining access by emailing employees and tricking them into disclosing their credentials. The campaign has been effective in part because the emails—called spear phish—are being written in perfect English, a rarity in so-called phishing attacks, Mandia said.

"These emails are definitely being written by English native speakers, so that's different than the prior attacks I've experienced," he said.

Companies try to make email very available to their employees, which presents a challenge to countering the attacks, Mandia said. Businesses need to implement two-factor authentication for email access, meaning employees would have to enter another code in addition to their username and password, he said.

Read MoreInside North Korea's elite cyberwarfare unit

Separately, Mandia said he could not comment directly on reports that North Korea was behind an attack on Sony that resulted in five of its films being released on the Internet. FireEye is working with Sony to investigate the incident.