Even though cyber espionage has often sounded like something straight out of a James Bond flick, it remains one of the most real threats to have affected government agencies and industries alike. In fact, in several ways, it is difficult to judge whether corporate espionage is bigger than state-sponsored espionage.
By Augustin Kurian, Senior Feature Writer, CISO MAG
“There is a significant crossover in attackers. It’s not very often you will see state entities subcontracting the online illegal activities to independent hackers. A lot of the Russian military capability around cyber was actually recruited directly from criminals,” Rik Ferguson, world-renowned cybersecurity expert and Vice President of Security Research at Trend Micro, told CISO MAG.
He continued, “And their problem is that they then expect these criminal recruits to stop being criminals while they’re now in the army, and that’s an unrealistic expectation to have. So, there is and always has been a significant crossover between patriotic hackers and nation-state employees. But I would argue that, from a victim perspective, victims of criminal attacks are far more than victims of nation-sponsored attacks. It is much more numerous because the aims of a nationally aligned attack, whether it’s sponsored or not, are much more restrictive than the aims of a financially motivated attack. So, your potential victim pool is much smaller.”
Verizon recently released its Cyber-Espionage Report (CER), its first-ever data-driven publication on advanced cyberattacks. The report asserted that in 85% of cyber espionage breaches, threat actors were state-affiliated, while 8% were nation-state affiliated, and just 4% were linked with organized crime. The report also noted that 2% of breaches were by former employees. Looking at overall breaches by Incident Classification Pattern across the 2014-2020 Data Breach Investigations Report timeframe (the seven years of reports that form the basis for the CER), Cyber Espionage ranked sixth (10%), albeit within close striking distance of Privilege Misuse (ranked fourth at 11%) and the sagging Point of Sale intrusions (ranked fifth at 11%).
“Unsurprisingly, the top industries targeted are Public Sector (31 percent) followed by Manufacturing (22 percent) and Professional (11 percent). This is due to the fact that they hold the majority of secrets, sensitive information, and intellectual property which are most desired by cyber espionage criminals,” Ashish Thapar, Managing Principal and Head – APJ, Verizon Business Group, told CISO MAG.
Thapar added, “Cyber espionage, like other cyber-attacks, has become more sophisticated over time. However, many don’t realize their role in geopolitical conflicts and it has been regarded like any other type of cyber-attack for far too long. With nation-states now waging almost-constant cyberwars, cyber espionage has reached a new level of strategic value — and enterprises have to give it significant attention.”
Measured as the percentage of cyber espionage breaches within all breaches by industry, manufacturing topped the list at 35%, followed by mining and utilities at 23%, public enterprises at 23%, the professional sector at 17%, education at 8%, information at 7%, and the financial sector at 2%.
It was noted that breaches with financial motivations were higher (between 67-86%) and those motivated by Cyber Espionage were comparatively lower (between 10-26%). When asked why there is such a huge disparity, Thapar said, “Given their nature (e.g., stealthy tactics, specific targeting), espionage attacks can be difficult to detect and identify as an actual espionage-related attack (given scant IoCs and other details). Whereas financial attacks — if not detected while occurring or soon thereafter — eventually become apparent when money goes missing. At that point, the financial motive, if not already ascertained, can be determined.”
He concluded, “Cyber Espionage breaches pose a unique challenge. Through advanced techniques and a specific focus, Cyber Espionage threat actors seek to swiftly gain access to heavily defended environments, laterally move with stealth and efficiently obtain targeted assets and data.”
About the Author
Augustin Kurian is part of the editorial team at CISO MAG and writes interviews and features.