China Behind 96% of All Cyber-Espionage Data Breaches, Verizon Report Claims 96
colinneagle writes "Verizon's 2013 Data Breach Investigation Report is out and includes data gathered by its own forensics team and data breach info from 19 partner organizations worldwide. China was involved in 96% of all espionage data-breach incidents, most often targeting manufacturing, professional and transportation industries, the report claims. The assets China targeted within those industries included laptop/desktop, file server, mail server and directory server, in order to steal credentials, internal organization data, trade secrets and system info. A whopping 95% of the attacks started with phishing to get a toehold into their victim's systems. The report states, 'Phishing techniques have become much more sophisticated, often targeting specific individuals (spear phishing) and using tactics that are harder for IT to control. For example, now that people are suspicious of email, phishers are using phone calls and social networking.' It is unknown who the nation-state actors were in the other 4% of breaches, which the report says 'may mean that other threat groups perform their activities with greater stealth and subterfuge. But it could also mean that China is, in fact, the most active source of national and industrial espionage in the world today.'"
The report also notes that financially-motivated incidents primarily came from the U.S. and various Eastern European countries.
Re:I must admit a begrudging respect for China (Score:3, Interesting)
What makes you think the US isn't doing the same? There have been complaints from European companies for decades that the US was spying on them, and it is safe to assume that anything worth stealing that China develops would be a target as well.
There was an article today about how China is well ahead of the US in renewable energy. China is deploying a deep water thermal differential power plant, the largest of its kind. China has faster trains than anything in the US, even if the signalling system isn't so good... You can bet your bottom dollar that the US government is keeping a close eye on these developments.
Block all of China? (Score:5, Interesting)
I have a dumb question: If your company does not depend on doing business with China, why not block their entire country within your firewall? My current company has no dealings with China, so I've blocked their national IP address range. My spam/attacks have gone down almost 90% since doing so. I did the same with Russia and most of the former Soviet nations.
Re:I only have one question... (Score:5, Interesting)
I realize you were probably asking this in jest, but Verizon Business Security is independent of their cell phone business. What happened is their investigators got pretty darn good at rooting out hackers, both internal and external. Helping customers find external hackers in their networks led them to offering these investigation services to other corporations. I'm pretty sure that their security team is a profitable self-sustaining division these days.
The most important thing to the rest of us is they created a schema for recording incidents, and they publish the data (after anonymizing it.) With the number of investigations they perform, it becomes a statistically significant source of information about breaches, which had been a real black hole of information before.
Most companies are reluctant to announce anything about their breaches. They're always negative publicity, they lead to accusations of wrongdoing or incompetence, and they may reveal other sensitive internal information about the kinds of data they keep. By being anonymized through the DBIR, we all get to learn much more about the threat landscape without being able to blame a specific company for a specific loss.