Verizon: Global Digital Espionage Rising

Thomas Brewster,
America US China - Shutterstock © Aquir

China said to be chief perpetrator, US the main target, with plenty of activity in Eastern Europe too

Digital espionage campaigns are increasing, with no sign of abatement, according to the Verizon Data Breach Investigations Report.

There were 511 incidents of cyber espionage in 2013, according to the data, with almost 50 percent believed to have emanated from East Asia, which includes China. A fifth came from Eastern Europe.

The number of incidents tripled over 2012, although the rise was partly attributed to the increase in sources for the report, which looked into more than 1,300 confirmed data breaches and more than 63,000 security incidents.

Cyber espionage - © pzAxe - ShutterstockChina and Eastern Europe: Cyber espionage states

Whilst the previous Verizon report found plenty of activity in China, the company was keen to point to significant activity in Russia and Eastern Europe. The US was said to be the number one target of attacks.

“At a high level, there doesn’t seem to be much difference in the industries targeted by East Asian and Eastern European groups. Chinese actors appeared to target a greater breadth of industries, but that’s because there were more campaigns attributed to them,” the report read.

Whilst spear phishing was still the most popular form of attack, where emails with malicious attachments are sent to targets, strategic website compromises (SWCs) were increasingly used, with certain sites hacked to serve exploits to visitors.

“In 2014, we’d like to predict SWCs will fade, but that seems unlikely. While there are downsides to SWCs for the attackers (high visibility and high cost to weaponize and burn a zero day), the benefits of a low-cost way to support long-term operations generally outweigh the risks,” Verizon said.

Distributed denial of service (DDoS) attacks, which were included in the Verizon report for the first time, were seen increasing in size. In 2013, the average attack was 10.1Gbps in size, compared to 7Gbps the year before.

The Izz ad-Din al-Qassam Cyber Fighters, thought to be state sponsored and behind DDoS attacks on US banks, were partly responsible for the rise in size, Verizon said.

Point of sale surprise

Despite all the reports of point of sale (PoS) malware infecting major retailers, including Target and Michaels Stores, such attacks have been decreasing for some time, Verizon said. It recorded 198 data breaches involving PoS machines.

“Some may be surprised that the number of PoS attacks in 2012 and 2013 is substantially lower than the number recorded in 2010 and 2011 (despite having ten times more contributors in the latter years),” the report read.

“Brute forcing remote access connections to PoS still leads as the primary intrusion vector. A resurgence of RAM scraping malware is the most prominent tactical development in 2013.”

Love IT security? Try our quiz!