Feeds

Verizon: 96 PER CENT of state-backed cyber-spying traced to China

Lock up your data, folks

The Essential Guide to IT Transformation

Spooks carrying out state-sponsored cyber-espionage were responsible for one in five data breaches last year, researchers have claimed.

New statistics contained in Verizon’s Data Breach Investigation Report 2012 found that 19 per cent of all attacks were carried out by agents acting on behalf of their government. Researchers recorded more cyber-espionage incidents than ever before, although the majority of attacks were carried out by criminals looking to make money.

Bosses will be comforted by the finding that “external actors” were responsible for the majority of data breaches, with 92 per cent of all incidents involving an attack from someone working outside the the organisation.

Researchers examined more than 47,000 security incidents and 621 confirmed data breaches affecting international organisations from 27 countries, including government agencies, financial institutions and defence contractors. Since the first report was compiled nine years ago, boffins have pored over more than 2,500 data breaches.

The report, which was released today and covers 2012, said: “State-affiliated groups rise to the number two spot for the 2012 dataset ... We saw a dip in financially motivated cases against small organizations in our dataset, and that dip allows other trends to become more pronounced. Furthermore, our own investigations comprised more espionage cases than any previous year.”

Financial organisations suffered the most attacks, accounting for 37 per cent of recorded data breaches. Just over half (52 per cent) of all breaches involved “some sort of hacking” while 76 per cent of “network intrusions involved exploiting weak or stolen credentials” - which basically means someone didn’t set up a decent password.

Some 21 percent of the attacks were carried out by state-affiliated hackers on espionage missions, 96 percent of which could be tracked back to China.

Organised crime was responsible for 55 percent of all breaches, with the majority of attacks coming from the US or Eastern Europe.

The report added: “More than half of all external breaches tie to organized criminal groups. This reflects the high prevalence of illicit activities associated with threat actors of this ilk, such as spamming, scamming, payment fraud, account takeovers and identity theft. For professional criminals, the “why” is simple and consistent—money . As economic and social activities continue to go online, criminals will follow in order to exploit the soaring amount of data that can all too easily be converted to cash.”

Jason Hart, cloud solutions veep at SafeNet, said the data demanded a new way of thinking about security.

He said: “Verizon can always be relied on to lift the lid on hackers' motives and this new batch of data is shocking. While data breaches seem rampant, these results could trigger a real sea change in data protection strategies. Embracing a secure breach strategy renders lost or stolen worthless to the attacker, making the only serious mitigation of the threat to sensitive data held by enterprises and governments.” ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Fiendishly complex password app extension ships for iOS 8
Just slip it in, won't hurt a bit, 1Password makers urge devs
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.