"What I find interesting is that simple changes made to existing malware are often more than enough to evade detection," said FireEye researcher Nart Villeneuve.
"Even more surprising is that technically 'unsophisticated' malware is often found in the payload of "sophisticated" zero-day exploits. And this year quite a number of zero-days were used in targeted attacks."
This makes it relatively simple for attackers to reheat malware used in older attacks for use in new campaigns.
FireEye said it had spotted the emergence of malware arms dealers and even 'hitmen', groups willing to supply malware packages to the highest bidder as part of a commercial service. The best example of this in 2013 was the Hidden Lynx attacks.
"While the noisier groups will continue their operations as usual being documented in research papers rarely seems to faze them I believe that some groups will adopt increasingly stealthy techniques in the near future," concluded Villneuve.
One trend FireEye doesn't analyse is what all this means for the security market itself. One answer is more acquisitions at higher prices, not least by FireEye itself which recently announced it was buying security forensics outfit Mandiant for $1 billion.
Sign up for Computerworld eNewsletters.