Verizon, large scale cyber espionage from China and much more

Verizon has issued the “2013 Data Breach Investigations Report”, which examines a series of documented data breaches.

Verizon’s RISK Team, in collaboration with 18 other partners, has issued the “2013 Data Breach Investigations Report”, which examines a series of documented data breaches.

Since 2008 the company has published yearly data on the principal incidents that occurred during the previous 12 months. It was the first document to break out state-sponsored cyber espionage campaigns, highlighting year after year the increase in the number of sabotage operations and intrusions against foreign states.

The study revealed, as expected, that the Chinese government is the most persistent collector of sensitive information, company secrets and intellectual property; continuous cyber espionage campaigns targeted foreign companies and government agencies all around the world.

Verizon reported 44 million compromised records from 621 confirmed data breaches, of which 19 percent were the result of government-affiliated espionage. The attacks mainly hit financial organizations (37%) and retail environments and restaurants (24%).

Chinese hackers targeted productive sectors of any government, such as transportation, manufacturing and professional services companies, regardless of their size.

“A definite relationship exists between industry and attack motive, which is most likely a byproduct of the data targeted (e.g., stealing payment cards from retailers and intellectual property [IP] from manufacturers).”

Almost all of the attacks are attributable to outsiders.

China isn’t the only country responsible for large-scale espionage campaigns; other countries, such as Russia, Israel and France, also conduct similar operations, but not at the scale attempted by Chinese cyber units.

Among profit-minded hackers, the most active groups are often based in the United States, Romania, Bulgaria or Russia, and their primary purpose is the collection of payment cards, credentials and bank account information. State-affiliated actors demonstrated great interest in other data, such as credentials, internal organization data, trade secrets and system information, and adopted a wide range of attacks, from malware-based offensives to phishing campaigns.

Shawn Henry, former head of cyber security investigations for the FBI, who is president of security firm CrowdStrike Services, declared:

“It’s not China alone. Dozens of other countries are involved,”

Although cybercriminals are the most common source of data breaches worldwide, Chinese state-sponsored campaigns monopolize the attacks carried out for cyber espionage on intellectual property, targeting representatives of foreign governments.

The figures are shocking and leave no room for interpretation: of a total of 120 incidents of government cyber espionage detailed in the report, Chinese hackers are responsible for 96% of the attacks, while the source of the remaining data breaches is not known.

How do breaches occur?

According to the Data Breach Investigations Report, 76% of network intrusions exploited weak or stolen credentials, 52% used some form of hacking and 40% of incidents were related to malware.

Although the evidence confirms the Chinese origin of the cyber espionage campaigns, the government of Beijing has always denied any allegations.

According to the Data Breach Investigations Report, the large number of operations conducted by the Chinese government made it possible to identify a common pattern: Chinese hackers adopted a common strategy in every attack.

But it’s not simple to discover the real origin of attacks; attackers can hide their location in various ways, so before publishing the report Verizon officials collected a huge quantity of evidence linking the cyber espionage campaigns to China.

The report offers much other interesting information on recent events; it also includes a list of 20 Critical Security Controls recommended to mitigate the growth of cyber threats …

What are you waiting for? Read it.

Pierluigi Paganini

(Security Affairs – Security)

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field, such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine, and for many other security magazines. Author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
