Cyber-espionage appears to have hit the mainstream, dominated by state-sponsored operatives and taking the slot as most popular attack method in the public sector, education and manufacturing industries, according to Verizon.
The firm’s much anticipated 2017 Data Breach Investigations Report revealed that one in five (21%) breaches were related to espionage: that’s a total of 289 over the report period, more than 90% of which were state-backed.
The fruits of these efforts have been widely reported in recent months, most notably the Kremlin’s attempts to influence the outcome of the US presidential election by hacking and then leaking sensitive Democratic Party officials’ emails.
This week, Trend Micro claimed that a group allied to Russia’s interests – known as APT28, Pawn Storm and Fancy Bear – had also registered phishing emails to target the campaign of French presidential hopeful Emmanuel Macron.
“The proportion of attacks motivated by the state is still on the rise, and these hackers are becoming more aggressive each year,” Verizon managing principal of investigative response, Laurance Dine, told Infosecurity Magazine.
“The report reveals that state-affiliated actors were responsible for a quarter of its recorded phishing attacks, almost three times as many compared to the 2016 DBIR, where they were responsible for just 9% of phishing attacks.”
Phishing has become a hugely successful tactic overall, present in a fifth (21%) of attacks, up from just 8% last year.
Linked to that stat is another that organizations should take note of: 81% of hacking-related breaches succeed through stolen, weak or easy-to-guess passwords.
It’s clear that staff training on how to spot phishing, combined with a move away from password-based authentication to multi-factor systems, should be encouraged.
Overall, the volume of breaches and stolen records has risen sharply in recent years. Just four million records were lost in 2011, whereas this year’s report covered 1945 breaches including 20 where over a million records were lost.
Financially motivated attacks dominated the breaches analyzed by Verizon, accounting for 73%.
Dine recommended layered security as a key strategy to mitigate the risks posed by an increasingly agile and determined enemy.
“With a lot of espionage attacks, hackers want to have access for as long as possible without being detected. They get into the network, do some foot-printing and scanning, see what they can get, and can stay under the radar by piggybacking off normal activity. This means hackers can just get one code to the backdoor and they get the keys to the kingdom,” he explained.
“Our advice would be to only give people privileges to certain parts of the network that they actually need to do their job. It is also important to have network monitoring to identify any unusual activity, so that if a hacker has gained access then they can be detected. Monitor outbound traffic to see if anyone is making connections that they have no logical reason to be making – if people are doing things they have nothing to do with their jobs it should raise an alarm. It all goes back to the idea of assuming you have been breached and looking for intruders to give themselves away. Layered security is the only way to do this.”