Breach, Data Security

Verizon study finds China-based groups behind 96 percent of espionage attacks

Chinese-based attackers were responsible for 96 percent of all espionage incidents last year.

On Monday, Verizon's 2013 "Data Breach Investigations Report" was released, revealing that the majority of state-affiliated campaigns were operating out of China and targeting the manufacturing, professional and transportation industries.

The landmark study, now in its sixth year, analyzed 621 breaches from caseloads at 19 organizations, which were primarily law enforcement groups, including the U.S. Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting and Information Security Service and the European Cyber Crime Center (EC3).

In the majority of the breaches (75 percent), Verizon was able to determine the attackers' country of origin. While attackers in the United States and Eastern Europe led the pack in perpetrating financially-motivated breaches in 2012, China was a clear leader among countries sponsoring espionage attacks.

State-sponsored spy campaigns ranked second among breaches in the 2013 report. Espionage attacks were linked to 20 percent of all breaches in 2012, while financially motivated cyber crime accounted for 75 percent of breaches analyzed in the study. 

Jay Jacobs, a senior analyst on the Verizon RISK (Research Investigations Solutions Knowledge) team, told SCMagazine.com that a number of factors, aside from relying on the IP addresses of command-and-control servers, were used to attribute espionage attacks.

"We decided not to have anything attributed just by IP addresses,” Jacobs said. “We've found in previous years that it's just not reliable enough.”

Instead, Verizon also weighed the type of malware used and other attack methods that can be linked back to previous campaigns, he explained. 

“A lot of these [espionage cases] were clearly attributable to groups within China," Jacobs said. "In terms of the types of malware they use and when they repeat the same steps over and over, it's usually a good indication."

Verizon's report also emphasized that organizations of various sizes and notoriety have been the target of spying campaigns.

“Despite the growing number of disclosures and sometimes alarmist news coverage, many still see espionage as a problem relevant only to the Googles of the world,” the study said. “Unfortunately, this is simply not true…We see victims of espionage campaigns ranging from large multi-nationals all the way down to those that have no IT staff at all.”

Recent allegations that the Chinese government has conducted cyber spying against American businesses, as detailed in a February report by security firm Mandiant, have caused a stir in the security community and even hastened calls for legislation, such as the Cyber Intelligence Sharing and Protection Act (CISPA), a controversial intelligence-sharing bill. Last Thursday, the House of Representatives passed CISPA in a 288-127 vote.  

Another highlight of the Verizon report was that the proportion of breaches caused by hacktivists remained steady, but the amount of data stolen by these ideologically motivated groups decreased compared to last year's findings, which chronicled a number of high-profile information heists at the hands of Anonymous and offshoot LulzSec.

“Last year they were the leader of exfiltrated data,” Jacobs said. “This year, not so much. We've seen a lot of denial-of-service attacks."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.