Verizon's 2013 Data Breach Investigation Report is out and fingers China as the top source of cyber-espionage data breaches.

Verizon’s 2013 Data Breach Investigation Report is out and includes data gathered by its own forensics team and data breach info from 19 partner organizations worldwide. The report covers about 621 confirmed breaches and about 47,000 security incidents that occurred in 2012. Security incidents do not necessarily mean the attackers were able to breach an organization; they could include DoS attacks.

The motives for attacks were diverse. Verizon’s Dave Hylender wrote, “Money-minded miscreants continued to cash in on low-hanging fruit from any tree within reach. Bolder bandits took aim at better-defended targets in hopes of bigger hauls. Activist groups DoS’d and hacked under the very different – and sometimes blurred – banners of personal ideology and just-for-the-fun-of-it lulz. And, as a growing list of victims shared their stories, clandestine activity attributed to state-affiliated actors stirred international intrigue.”

China cyber espionage

China was involved in 96% of all espionage data-breach incidents, most often targeting manufacturing, professional and transportation industries. The assets China targeted within those industries included laptops/desktops, file servers, mail servers and directory servers, in order to steal credentials, internal organization data, trade secrets and system info. A whopping 95% of the attacks started with phishing to get a toehold into their victim’s systems. The report states that, “Phishing techniques have become much more sophisticated, often targeting specific individuals (spear phishing) and using tactics that are harder for IT to control.
For example, now that people are suspicious of email, phishers are using phone calls and social networking.” It is unknown who the nation-state actors were in the other 4% of breaches, which the report says “may mean that other threat groups perform their activities with greater stealth and subterfuge. But it could also mean that China is, in fact, the most active source of national and industrial espionage in the world today.”

Financially motivated data breaches

Eastern Europe (e.g., Romania, Bulgaria, and the Russian Federation) and the U.S. were the top actors in financially motivated breaches.

In the land of financially motivated breaches, spyware is king. Capturing data from payment cards swiped at POS terminals and credentials typed into online bank accounts are two very popular uses of these tools in cybercrime. As an aside, the use of spyware differs in espionage, where it focuses on grabbing screenshots of potentially valuable information and capturing user credentials to further spread the attack. RAM scrapers and network/system utilities (“adminware”) are also major players in the financial crime space, and especially so in smaller organizations.

Contrary to popular belief

Many people incorrectly assume that sophisticated attacks are behind most data breaches, or else company insiders are to blame. However, 78% of the techniques were not sophisticated attacks, but were rated low – “basic methods, little or no customization or resources required” – or very low – “the average person could have done it.” Also “contrary to popular belief, 86% of attacks do not involve employees or other insiders at all. Of the 14% of attacks that do, it’s often lax internal practices that make gaining access easier than you would expect.” Only 1% of breaches were attributed to “partner actors.”

More than 90% of breaches reviewed came from “external actors,” with about 80% related to financial crime and 20% involving cyber-espionage.
Victims in the Americas fell prey to social engineering 42% of the time . . . more so than any other region in the world. That top threat action for our region was followed by 29% who became victims via attackers’ spyware/keylogger malware.

Organizations spend a fortune on security, so “it’s tempting to think that alarm bells must go off when a data breach happens. Sadly, they don’t. 66% of the breaches in our 2013 report took months or even years to discover (62% months, 4% years). The problem is getting worse. In the 2012 DBIR, just 56% of breaches took a month or more to be discovered.”

9% of all data breaches in the report were found by customers and more than half were spotted by end users. While end-users are often regarded as the weakest link, Verizon said they can be the greatest asset if they are trained how to spot breaches and how to avoid social engineering. IT teams were advised “to consider that complaints about system performance from users might be early warning signs of a breach.”

Get a copy of Verizon’s DBIR as it is packed with detailed and interesting information.