Feeds

Verizon: 96 PER CENT of state-backed cyber-spying traced to China

Lock up your data, folks

Choosing a cloud hosting partner with confidence

Spooks carrying out state-sponsored cyber-espionage were responsible for one in five data breaches last year, researchers have claimed.

New statistics contained in Verizon’s Data Breach Investigation Report 2012 found that 19 per cent of all attacks were carried out by agents acting on behalf of their government. Researchers recorded more cyber-espionage incidents than ever before, although the majority of attacks were carried out by criminals looking to make money.

Bosses will be comforted by the finding that “external actors” were responsible for the majority of data breaches, with 92 per cent of all incidents involving an attack from someone working outside the the organisation.

Researchers examined more than 47,000 security incidents and 621 confirmed data breaches affecting international organisations from 27 countries, including government agencies, financial institutions and defence contractors. Since the first report was compiled nine years ago, boffins have pored over more than 2,500 data breaches.

The report, which was released today and covers 2012, said: “State-affiliated groups rise to the number two spot for the 2012 dataset ... We saw a dip in financially motivated cases against small organizations in our dataset, and that dip allows other trends to become more pronounced. Furthermore, our own investigations comprised more espionage cases than any previous year.”

Financial organisations suffered the most attacks, accounting for 37 per cent of recorded data breaches. Just over half (52 per cent) of all breaches involved “some sort of hacking” while 76 per cent of “network intrusions involved exploiting weak or stolen credentials” - which basically means someone didn’t set up a decent password.

Some 21 percent of the attacks were carried out by state-affiliated hackers on espionage missions, 96 percent of which could be tracked back to China.

Organised crime was responsible for 55 percent of all breaches, with the majority of attacks coming from the US or Eastern Europe.

The report added: “More than half of all external breaches tie to organized criminal groups. This reflects the high prevalence of illicit activities associated with threat actors of this ilk, such as spamming, scamming, payment fraud, account takeovers and identity theft. For professional criminals, the “why” is simple and consistent—money . As economic and social activities continue to go online, criminals will follow in order to exploit the soaring amount of data that can all too easily be converted to cash.”

Jason Hart, cloud solutions veep at SafeNet, said the data demanded a new way of thinking about security.

He said: “Verizon can always be relied on to lift the lid on hackers' motives and this new batch of data is shocking. While data breaches seem rampant, these results could trigger a real sea change in data protection strategies. Embracing a secure breach strategy renders lost or stolen worthless to the attacker, making the only serious mitigation of the threat to sensitive data held by enterprises and governments.” ®

Beginner's guide to SSL certificates

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.