American telecommunications company Verizon today released its first ever data-driven report on cyber-espionage attacks.
The 2020 “Cyber Espionage Report” (CER) draws from seven years of Verizon “Data Breach Investigations Report” (DBIR) content and more than 14 years of the company’s Threat Research Advisory Center (VTRAC) Cyber-Espionage data breach response expertise.
Verizon said that it published the CER to serve as a guide for cybersecurity professionals searching for ways to improve their organization’s cyber-defense posture and incident response (IR) capabilities.
Key findings of the report are that for cyber-espionage breaches, 85% of actors were state affiliated, 8% were nation-state affiliated, and just 4% were linked with organized crime. Former employees made up 2% of actors.
The industries most impacted by cyber-espionage breaches in the previous seven years were the public sector, manufacturing, professional, information, mining and utilities, education, and the financial industry.
Of the three most-targeted industries, the public sector bore the brunt of the breaches (31%), while manufacturing and professional were hit by 22% and 11%, respectively.
The top compromised asset varieties in cyber-espionage breaches were desktop or laptop (88%), cell phone (14%), and web application (10%). For all breaches, the top asset varieties were web application (43%), desktop or laptop (31%), and email (21%).
Of the attributes most commonly compromised in cyber-espionage breaches, 91% involved software installation and 73% were secrets. The top compromised data varieties were credentials (56%), secrets (49%), internal (12%), and classified (7%).
The report found that while an organization can be compromised in seconds, discovering the breach can take years. Time to compromise was seconds to days (91%), time to exfiltration was minutes to weeks (88%), time to discovery was months to years (69%), and time to containment was days to months (79%).
The most common types of breaches were web application (27%), miscellaneous errors (14%), and “everything else” (14%), with cyber-espionage making up 10% of breaches.
Researchers noted: “Because cyber-espionage is a difficult incident pattern to detect, the numbers may be much higher. The kinds of data stolen in Cyber-Espionage breaches (e.g., secrets, internal or classified) may not fall under the data types that trigger reporting requirements under many laws or regulatory requirements.”