Verizon data breach report: State-sponsored attacks surge

Summary: Espionage campaigns seek data that furthers national interests, such as military or classified information, economy-boosting plans, insider information or trade secrets, and technical resources such as source code.

TOPICS: Security, CXO

An annual survey by Verizon's security unit found that 19 percent of data breach attacks were connected to state-sponsored organizations, a sign that corporate espionage may be ramping up.

The data breach investigations report (DBIR) is based on 19 global companies, their attacks, forensics and reporting agencies. Overall, the report features 47,000 reported security incidents and 621 confirmed data breaches. Over nine years, the DBIR has documented 1.1 billion compromised records and 2,500 data breaches.

Regarding state-sponsored attacks, Mark Spitler, a senior security analyst at Verizon, said that the report "found quite a few" of them. Verizon determined that attacks were state-sponsored based on known tactics, indicators of what was being examined and malware signatures. Cooperation and data sharing among participants also put the spotlight on state-sponsored attacks.

On state-sponsored attacks, Verizon said in its report:

State-affiliated groups rise to the number two spot for the 2012 dataset, and there are several plausible explanations for this. On one hand, we saw a dip in financially motivated cases against small organizations in our dataset, and that dip allows other trends to become more pronounced. Another factor is the larger set of data sharing partners in this report that widens the population of incidents we can analyze. Furthermore, our own investigations comprised more espionage cases than any previous year, and this was bolstered by increased efforts to collect, share, and correlate IOCs that greatly improve the ability to uncover targeted attacks. So, it may be true that espionage activity is up, but it’s also true that better sharing and improved detection capabilities result in more detection. Threat actors engaged in espionage campaigns leave a completely different footprint than those motivated by direct financial gain. They seek data that furthers national interests, such as military or classified information, economy-boosting plans, insider information or trade secrets, and technical resources such as source code. They will generally not target payment systems and information, and according to our data, they aren’t even targeting certain industries that have topped the charts for financially motivated attackers (e.g., Retail and Food Services).

The high-level takeaways:

  • 37 percent of breaches hit financial organizations;
  • 24 percent of breaches happened in retail and restaurants;
  • 20 percent of network intrusions involved manufacturing, transportation and utilities;
  • 38 percent of breaches were aimed at large companies;
  • 92 percent of breaches were perpetrated by outsiders;
  • 19 percent were attributed to state-affiliated actors;
  • And finally weak defenses make things a bit easy for the bad guys.

The DBIR also noted that best practices can't be applied to every industry. Verizon wrote:

Any attempt to enforce a one-size-fits-all approach to securing our assets may result in leaving some organizations under-protected from targeted attacks while others potentially over-spend on defending against simpler opportunistic attacks. For example, small retailers and restaurants in the Americas should be focusing on the basics because attackers are leveraging poorly configured remote administration services to pull payment data from point of sale systems. But the basics won’t be enough for the finance and insurance industry, which sees its ATMs targeted by skimming campaigns. And when we peel back that physical attack layer, we see a much higher proportion of attacks in its web applications than all other sectors. When we focus on manufacturing, engineering, consulting, and IT service firms, we see a whole different set of attacks exploiting human weaknesses through targeted social attacks to get multi-functional malware on internal systems.



  • Credibility is the big issue here

    Verizon has had pretty much zero presence in any cybersecurity discussions, and their tech support is awful even for a telco. And I notice that the Eastern Europe cybergangs don't get a mention even though they seem to be behind the most sophisticated and undetectable botnets that are likely channels for much if not most of the attacks and exploits. This Verizon report appears to be as rubbishy as the Mandiant report from earlier this year.
  • Credibility is not the big issue here

    Above you have a Chinese-government paid "50 Cent Party" pro-Party propaganda Internet commentator.

    Group after group after group has been identifying the Chinese government as behind brazen, shameless thefts from businesses around the globe. It is long overdue for the Chinese government to pay retribution for the estimated $300,000,000,000 in data theft.
    • But I know how to read reports

      And the reports purporting to show China this big, bad cyber threat have been all rubbish. If they were football players, they would be all brave, pre-game trash talk for the reporters, but all fumbled balls and faces hitting turf on the field.