The vast majority of electronic spying attacks in 2013 can be attributed to governments, according to a new report.
The latest annual Data Breach Investigations Report by Verizon Communications reveals that there has been a three-fold increase in cyber espionage since the last report was published in April 2013.
Of the 511 spying incidents recorded, 87 per cent were conducted by “state-affiliated actors” (governments), as opposed to 11 per cent by organised criminal groups.
China and other East Asian nations were identified as the origin of 49 per cent of espionage attacks, while Eastern European countries were suspected to be the origin of 21 per cent of the attacks. Some 25 per cent of spying incidents could not be attributed to attackers from any country, according to Verizon.
Governments and cyber criminals deploy a wide range of tools to carry out cyber espionage, from phishing and network scanning to rootkits and ‘brute force’ attacks.
The most prolific method of gaining access to a victim’s environment is spear phishing, whereby a well-crafted and personally-relevant email is sent to a targeted user, prompting them to open an attachment or click a link within the message.
Inevitably, they take the bait, at which point malware installs on the system, a backdoor or command channel opens, and the attacker begins a chain of actions moving toward their objective.
The proportion of espionage incidents incorporating phishing has fallen since Verizon’s last report, but not because of a drop in actual frequency. The lower proportion is primarily due to a big increase in the use of strategic web compromises (SWCs) as a method of gaining initial access.
Instead of email bait, SWCs set a trap within a legitimate website likely to be visited by the target demographic. When a target visits the page, the trap is sprung and the system is infected.
“Spying is nothing new and we shouldn’t be surprised that the political entities around the world are expanding their intelligence arsenals with modern capabilities,” said Tim Erlin, director of security and risk at Tripwire, commenting on the report.
“It’s likely that the data from the Verizon report is a trailing indicator of the increasing cyber-espionage capabilities around the world.”
Cyber espionage is one of nine basic attack patterns that almost all security incidents fall into. The others are: miscellaneous errors such as sending an email to the wrong person, crimeware (various malware aimed at gaining control of systems), insider/privilege misuse, physical theft/loss, web app attacks, denial of service attacks, point-of-sale intrusions, and payment card skimmers.
“Organisations need to realise no one is immune from a data breach,” said Wade Baker, principal author of the Verizon Data Breach Investigations Report series.
“Compounding this issue is the fact that it is taking longer to identify compromises within an organisation – often weeks or months – while penetrating an organisation can take minutes or hours,” Baker said.
The 2014 report can be downloaded here
via The Telegraph