Verizon’s new Cyber-Espionage Report (CER) found the top targets for cyber espionage to be public sector (31 percent), manufacturing (22 percent) and the professional industries (11 percent).
The CER draws from seven years (2014-2020) of Verizon’s Data Breach Investigations Report (DBIR) content as well as more than 14 years of Verizon Threat Research Advisory Center (VTRAC) cyber-espionage data breach response expertise.
Verizon says the threat actors conducting cyber espionage can range from nation states to business competitors and, in some cases, organized crime groups. Their main targets are governments and private sector corporations, and their primary motivations are national security, political positioning and economic competitive advantage. They tend to go after state secrets, intellectual property and sensitive information.
In accomplishing their goals, cyber-espionage attackers leverage three primary actions:
- Social engineering by targeting employees through activities such as phishing.
- Hacking systems and networks by using backdoors and command and control functions to establish and maintain access.
- Deploying malicious software, such as trojan downloaders, to extend their capabilities.
The attackers tend to move swiftly. In the 2014-2020 DBIR timeframe, for cyber-espionage threat actors, the time to compromise ranges from mere seconds to days 91 percent of the time, while time to exfiltration ranges from minutes to weeks 88 percent of the time. On the defender side, time to discovery ranges from months to years some 69 percent of the time, while time to containment ranges from hours to weeks 64 percent of the time.
When it comes to overall breaches by incident classification pattern for the 2014-2020 DBIR period, cyber espionage ranks sixth (10 percent) but is within striking distance of fourth: privilege misuse ranked fourth at 11 percent and point-of-sale intrusions ranked fifth at 11 percent.
Verizon points out in the report that the incident classification patterns cover only those breaches that are known, reported and collected. Because cyber-espionage attacks are difficult to detect, and the breaches within this pattern are under-reported, the number may be much higher. In addition, the kinds of data stolen in cyber-espionage breaches, such as state secrets, may not fall under the data types that trigger reporting requirements under many laws or regulations.