Cyber espionage the cause for most companies’ security breaches

A report by Verizon indicates that most security breaches against companies are cyber espionage with the intention to steal valuable company secrets.

By Gregory Hale, ISSSource June 23, 2017

Insider threat, outside threat, malware, ransomware, terrorist, nation state attack, advanced persistent threat, distributed denial of service (DDoS), denial of service (DoS), phishing, or cyber espionage. 

While all are potential threats to any manufacturing enterprise, it appears cyber espionage is by far the most predominant pattern associated with breaches in manufacturing, according to the Verizon 2017 Data Breach Investigations Report (DBIR). While ransomware has been gaining traction throughout the industry over the past six months or so, the Verizon report said for manufacturers, "it is a safe bet that you worry quite a bit about hanging on to secrets. A whopping 90% of data stolen in Manufacturing was of the ‘secrets’ variety."

For a manufacturer, the intellectual property it possesses, whether it is a secret recipe, a creative new concept or a less expensive way to make a widget, makes a tempting target for thieves. Unlike the more run of the mill, "grab-the-loot-and-scram" attacks seen in other verticals, espionage attacks are typically aimed at more long-term results, the report said. "The criminals want to infiltrate the network, find out where the secrets are kept, and then sit and slowly siphon off the nectar for as long as they can," the report said.

In this report, Verizon recorded 620 incidents, with 124 confirmed data disclosures. The top three patterns they found were cyber espionage, privilege misuse and a category they labeled "everything else" represent 96% of breaches within manufacturing. Other categories they found were miscellaneous errors, crimeware and physical theft and loss.

  • The top threat actors were 93% external, 7% internal
  • 94% of the time, the motive for the breach was espionage, with 6% being financial
  • Data compromised was secrets at 91%, and 4% each for internal and personal.

Gains in strategic advantage via espionage-related actions comprise the majority of breaches within this industry. Most are conducted by state-affiliated actors, but instances of internal espionage pilfering trade secrets are present as well. With attacks getting more sophisticated, hackers really don’t focus on breaking into the intended target, rather the bad guy will go in through the front door via a phishing attack that contains a malicious link or attachment. That works because, let’s face it, someone in a company will click on any kind of link sent via email. Then malware ends up installed and it creates a backdoor or C2, and the bad guys return at their leisure to footprint the network and take what they need. In fact, the social and malware combination occurred in 73% of breaches Verizon recorded in the manufacturing sector.

When state-affiliated actors are involved, their operations are targeted attacks, rather than opportunistic, the report said. In other words, the criminals are coming directly for a particular organization with a specific purpose in mind.

The next most common incident pattern, privilege misuse, (while only a very small sample size) is in some ways akin to the external espionage breaches discussed above. It often occurs when a disgruntled employee is tired of being kept down by "the man" and sets off to make their fortune elsewhere – but wants to take as much data as possible with them.

The following are tips Verizon suggested to avoid an attack:

  • Keep highly-sensitive information segregated, and only allow access to those who require it to perform their job.
  • Attacks against manufacturing end up initiated via a phishing email. Train employees in regard to phishing, and provide them with a quick and easy way to report suspicious emails.
  • Internal monitoring of networks, devices and applications is critical. Attempt to implement account monitoring, audit log monitoring and network/IDS monitoring.
  • Implement data loss prevention (DLP) controls to identify and block improper transfers of data by employees.

Gregory Hale is editor and founder at ISSSource. He has over 25 years in the publishing industry. This article originally appeared on ISSSource.com. ISSSource is a CFE Media content partner. Edited by Carly Marchal, content specialist, CFE Media, cmarchal@cfemedia.com.

ONLINE extra

See more articles from ISSSource below. 

Original content can be found at www.isssource.com.