An annual data breach report found that cyber espionage activity increased more than threefold over the previous year – and that, in addition to China, a significant showing of attacks emanated from Eastern Europe.
In Verizon's “2014 Data Breach Investigations Report,” the service provider noted a total of 511 espionage incidents in 2013, with 306 events resulting in data disclosure. For the first time in its seven-year history, the data breach report analyzed security incidents that didn't result in breaches, in order to glean more knowledge on attack trends and threats.
Over the past two years, Verizon's partners for the report have grown from five to 49 organizations. To create its dataset, Verizon teamed with dozens of organizations around the globe. Contributors included security firms Kaspersky Lab, FireEye, McAfee, and WhiteHat Security, as well as law enforcement agencies, like the U.S. Secret Service, the Australian Federal Police (AFP) and the Dutch National High Tech Crime Unit (NHTCU). CERT teams throughout the world, as well as forensic providers like Deloitte & Touche and Guidance Software also participated.
With the expanded visibility, the source of cyber espionage attacks, in particular, appeared to be more dispersed globally, the report said. In last year's report, Chinese-based attackers were linked to 96 percent of all espionage incidents in 2012.
The report now notes that espionage attacks attributed to East Asia were “much less predominate in this year's data set,” as 20 percent of espionage activity emanated from Eastern Europe.
“The 2013 dataset shows much more activity attributed to Eastern European actors, Russian-speaking ones in particular,” the report said. “As before, we don't propose these are the only active regions/countries engaged in espionage. More comprehensive research into different actor groups is continually driving better detection and attribution, and we hope future versions of this report will show the fruits of those efforts.
“At a high level, there doesn't seem to be much difference in the industries targeted by East Asian and Eastern European groups. Chinese actors appeared to target a greater breadth of industries, but that's because there were more campaigns attributed to them.”
The report revealed that, last year, organizations most targeted by cyber espionage actors were in the professional and manufacturing industries, as well as the public sector.
Suzanne Widup, a senior analyst on the Verizon Risk Team and co-author of the report, told SCMagazine.com in an interview that the goal of this year's report was to give a long-range view of threats over the years. The 2014 report charted nine basic attack patterns, which varied among industries.
“We broke it down to really give people a roadmap, so they can really look at their industry and determine that these are the things that I'm likely to face,” Widup said, later adding that security controls were laid out for organizations as guidance.
To help block or address espionage-related breaches, the report advised that organizations start by implementing the latest software patches, and also employ up-to-date AV while training staff on present threats.
In addition, companies were told to monitor and filter outbound network traffic in order to better spot “abnormal” patterns or activities. Furthermore, if an attacker gains access, organizations should employ other security methods to prevent the lateral movement of intruders, such as network segmentation and use of two-factor authentication, to contain a breach where an actor re-uses stolen credentials, the report said.