
Verizon report: China behind 96% of all cyber-espionage data breaches

Verizon's 2013 Data Breach Investigation Report is out and fingers China as the top source of cyber-espionage data breaches.

Verizon's 2013 Data Breach Investigation Report is out and includes data gathered by its own forensics team and data breach info from 19 partner organizations worldwide. The report covers about 621 confirmed breaches and about 47,000 security incidents that occurred in 2012. Security incidents do not necessarily mean the attackers were able to breach an organization and could include DoS attacks.

The motives for attacks were diverse. Verizon's Dave Hylender wrote, "Money-minded miscreants continued to cash in on low-hanging fruit from any tree within reach. Bolder bandits took aim at better-defended targets in hopes of bigger hauls. Activist groups DoS'd and hacked under the very different - and sometimes blurred - banners of personal ideology and just-for-the-fun-of-it lulz. And, as a growing list of victims shared their stories, clandestine activity attributed to state-affiliated actors stirred international intrigue."

China cyber espionage

China was involved in 96% of all espionage data-breach incidents, most often targeting the manufacturing, professional and transportation industries. The assets China targeted within those industries included laptops/desktops, file servers, mail servers and directory servers, in order to steal credentials, internal organization data, trade secrets and system information. A whopping 95% of the attacks started with phishing to gain a toehold in the victims' systems. The report states that, "Phishing techniques have become much more sophisticated, often targeting specific individuals (spear phishing) and using tactics that are harder for IT to control. For example, now that people are suspicious of email, phishers are using phone calls and social networking."

It is unknown who the nation-state actors were in the other 4% of breaches, which the report says "may mean that other threat groups perform their activities with greater stealth and subterfuge. But it could also mean that China is, in fact, the most active source of national and industrial espionage in the world today."

Financially motivated data breaches

Eastern Europe (e.g., Romania, Bulgaria, and the Russian Federation) and the U.S. were the top actors in financially motivated breaches.

In the land of financially motivated breaches, spyware is king. Capturing data from payment cards swiped at POS terminals and credentials typed into online bank accounts are two very popular uses of these tools in cybercrime. As an aside, the use of spyware differs in espionage, where it focuses on grabbing screenshots of potentially valuable information and capturing user credentials to further spread the attack. RAM scrapers and network/system utilities ("adminware") are also major players in the financial crime space, and especially so in smaller organizations.

Contrary to popular belief

Many people incorrectly assume that sophisticated attacks are behind most data breaches, or else that company insiders are to blame. However, 78% of the techniques were not sophisticated attacks, but were rated low - "basic methods, little or no customization or resources required" - or very low - "the average person could have done it." Also, "contrary to popular belief, 86% of attacks do not involve employees or other insiders at all. Of the 14% of attacks that do, it's often lax internal practices that make gaining access easier than you would expect." Only 1% of breaches were attributed to "partner actors."

More than 90% of the breaches reviewed came from "external actors," with about 80% related to financial crime and 20% involving cyber-espionage. Victims in the Americas fell prey to social engineering 42% of the time, more than in any other region of the world. The next most common threat action in this region was attackers' spyware/keylogger malware, which accounted for 29% of victims.

Organizations spend a fortune on security, so "it's tempting to think that alarm bells must go off when a data breach happens. Sadly, they don't. 66% of the breaches in our 2013 report took months or even years to discover (62% months, 4% years). The problem is getting worse. In the 2012 DBIR, just 56% of breaches took a month or more to be discovered."

9% of all data breaches in the report were found by customers, and more than half were spotted by end users. While end users are often regarded as the weakest link, Verizon said they can be the greatest asset if they are trained how to spot breaches and how to avoid social engineering. IT teams were advised "to consider that complaints about system performance from users might be early warning signs of a breach."

Get a copy of Verizon's DBIR as it is packed with detailed and interesting information.

Follow me on Twitter @PrivacyFanatic