While the majority of data breaches are the result of financially motivated cybercriminal attacks, cyberespionage activities are also responsible for a significant number of data theft incidents, according to a report that will be released Tuesday by Verizon.
Verizon's 2013 Data Breach Investigations Report (DBIR) covers data breaches investigated during 2012 by the company's RISK Team and 18 other organizations from around the globe, including national computer emergency response teams (CERTs) and law enforcement agencies. The report compiles information from more than 47,000 security incidents and 621 confirmed data breaches that resulted in at least 44 million compromised records.
In addition to including the largest number of sources to date, the report is also Verizon's first to contain information on breaches resulting from state-affiliated cyberespionage attacks. This kind of attack targets intellectual property and accounted for 20% of the data breaches covered by the report.
In more than 95% of cases, the cyberespionage attacks originated from China, said Jay Jacobs, a senior analyst with the Verizon RISK Team. The team tried to be very thorough regarding attribution and used different known indicators that linked the techniques and malware used in those breaches back to known Chinese hacker groups, he said.
However, it would be naive to assume that cyberespionage attacks only come from China, Jacobs said. "It just so happens that the data we were able to collect for 2012 reflected more Chinese actors than from anywhere else."
The more interesting aspects of these attacks were the types of tactics used, as well as the size and industry of the targeted organizations, the analyst said.
"Typically what we see in our data set are financially motivated breaches, so the targets usually include retail organizations, restaurants, food-service-type firms, banks and financial institutions," Jacobs said. "When we looked at the espionage cases, those industries suddenly dropped down to the bottom of the list and we saw mostly targets with a large amount of intellectual property like organizations from the manufacturing and professional services industries, computer and engineering consultancies, and so on."
A surprising finding was the almost fifty-fifty split between the number of large organizations and small organizations that experienced breaches related to cyberespionage, the analyst said.
"When we thought of espionage, we thought of big companies and the large amount of intellectual property they have, but there were many small organizations targeted with the exact same tactics," Jacobs said.
There is a lot of intelligence-gathering involved in the selection of targets by these espionage groups, Jacobs said. "We think that they pick the small organizations because of their affiliation or work with larger organizations."