While hackers are often driven by financial gain through extortion schemes, state-sponsored criminal groups actively targeted the public administration sector for cyberespionage purposes in 2018. 16 percent of breaches occurred in public administration where “cyberespionage is rampant,” while 15 percent affected healthcare companies and 10 percent involved financial companies, Verizon found after analyzing more than 41,000 security incidents and confirmed data breaches in the US.
“Given the sheer number of incidents in this sector, you would think that the government incident responders must either be cape and tights wearing superheroes, or so stressed they’re barely hanging on by their fingernails,” says the report. “Admittedly we do not have as much data as to what is happening beyond the deception and initial device compromise. The inclusion of keylogging malware is a good indicator that additional credential theft and reuse is a likely next step.”
52 percent of breaches involved hacking techniques such as SQL injection or brute force attacks and 33 percent involved social engineering schemes. Malware was detected in 28 percent of breaches while errors were also responsible for 21 percent of breaches.
Cybercriminals deploy sophisticated attacks to steal critical assets such as intellectual property, research data or top secret information from government institutions, or to sabotage critical systems and infrastructure through state-sponsored attacks. Financial greed was behind 71 percent of breaches, according to Verizon’s analysis, while only 25 percent of attacks were driven by cyberespionage. Ransomware remains a major threat, accounting for 24 percent of malware attacks.
Phishing incidents, such as email scams designed to steal passwords, other credentials and sensitive information, were responsible for 32 percent of breaches of public and private industry networks.
Even though 39 percent of breaches were linked to organized criminal groups and 23 percent to nation-state actors, internal threats are growing and difficult to detect, the report found. Companies struggle to define a risk management approach that includes insider threats because they need to predict all potential behavioral scenarios to reduce risks and minimize impact.
Employees still fall victim to psychological manipulation through some of the most basic phishing or ransomware attacks. With a single click on an infected link or download of an infected file, they can compromise the infrastructure in the entire organization. Whether intentional or not, internal actors (threats originating from inside the organization) were responsible for 34 percent of attacks, while almost 70 percent of data breaches were caused by external actors. Out of these, 50,000 breaches are botnet related.
Given the privileges they have in an organization and the sensitive financial information they work with daily, C-level executives such as CEOs and CFOs were the most targeted by social engineering and Business Email Compromise-type scams, the study points out. Found to be 12 times more likely to be hit with a social engineering attack, senior executives are highlighted as a critical liability for global organizations. Also known as Man-in-the-Email scams or CEO fraud, BEC attacks confirm hackers are doing research on their victims to make sure their attack vectors are effective.