China main source of cyberespionage attacks in 2012

Chinese IP addresses accounted for 30 percent of data breaches worldwide last year, and 96 percent of these attacks were made for online espionage purposes, according to a Verizon study.
Written by Ellyne Phneah, Contributor

China has been identified as the nation from which the most data breaches were conducted, according to a new Verizon study. One company executive, however, says this could be due to lax domestic regulations rather than China being the most active source of online attacks.

According to Verizon's 2013 Data Breach Investigation Report (DBIR) released Tuesday, China was the only Asian country on the top 10 threat origins list. In fact, out of the 40 threat origins the company identified, China emerged tops with 30 percent of all data breaches coming from there. By contrast, Romania came in second at 28 percent and the United States third with 18 percent, the report added. 

The report only disclosed the top 10 threat origins and did not publish the other 30.

Of the 30 percent, 96 percent of data breaches conducted from China were linked to cyberespionage-related motivations. This contrasts with the other nine threat origins on the list, as their data breaches were mostly financially motivated, it noted.

"This may mean that other threat groups perform their activities with greater stealth and subterfuge, but it could also mean that China is, in fact, the most active source of national and industrial espionage in the world today," the report said.

The DBIR is in its sixth year of publication, and the 2013 edition covered 47,000 reported security incidents and 621 confirmed breaches. It also featured new contributors to the report, namely the Malaysia Computer Emergency Response Team (MyCERT) of Cybersecurity Malaysia, Deloitte, and CERT Insider Threat Center at Carnegie Mellon University Software Engineering Institute.


Country origins and motivations behind online attacks in 2012. (Source: Verizon 2013 DBIR)


However, Patrick Lum, senior consultant at Verizon Enterprise Solutions, told ZDNet Asia in an interview Thursday the high number of data breaches attributed to China should not mean it is the most active perpetrator of cyberespionage activities.

He said the high number could be because Internet regulations in the country are not as strict as in other countries, and it may be easier for criminals to conduct their hacking activities from there.

"We are not going with the 'China is bad and scary' message. Rather, it's certainly big and an important part of the entire picture, and it is definitely an up and coming [trend] in the security landscape," Lum said. 

Changing motives mean less data stolen by hacktivists

The DBIR also showed that while the number of hacktivist-related attacks in 2012 remained on par with the year before, the amount of data stolen has dropped significantly. In 2011, 58 percent of data stolen was attributed to hacktivism, but this had been reduced to 2 percent a year later, it noted.


Attack sources of data breaches. (Source: Verizon 2013 DBIR)


Lum said the fall in data stolen was because of the attackers' changing motives. Where in the past hacktivists would hack into companies' servers, steal data and post the information online to negatively impact these organizations' reputations, they are now conducting more distributed denial of service (DDoS) attacks to disrupt companies' Web services, he explained.

Ajaykumar Biyani, solutions consultant of global strategic services at Verizon Southeast Asia, who was also present during the interview, pointed out another reason was that two notable hacktivist groups--Anonymous and LulzSec--collaborated in 2011 and contributed to the surge in stolen data.

However, LulzSec leader Hector Xavier Monsegur was arrested in March 2012 and helped authorities capture several of the group's other members, which caused a drop in the number of attacks as well, Biyani explained.

DDoS attacks, however, will increasingly be something companies will have to contend with.

"It is relatively easy and cheap to cause a DDoS attack, and the effect is strong and sophisticated," Biyani said. "[Verizon] already [sees] huge attacks coming in every day and expect more to come."
