Cyber incidents and data breaches in 2018 were overwhelmingly driven by financial gain in the private sector and by state-sponsored cyber-espionage in the public sector, Verizon found in its Data Breach Investigations Report, released last week.
In examining 41,686 security incidents and 2,013 data breaches across 86 countries, Verizon found that most attacks overall – about 71 percent – were fueled by financial gain, while 25 percent of cases were motivated by espionage.
A large share of incidents targeted small businesses, which comprised 43 percent of the breach victims Verizon reviewed, while public-sector, healthcare, and financial organizations comprised 16, 15, and 10 percent of victims, respectively.
Although financial motives dominated overall, state-sponsored cyber-espionage was by far the leading cause of public-sector attacks. Seventy-nine percent of public-sector breaches involved external actors, and 66 percent of public-sector attacks were motivated by espionage, while only 29 percent were financially motivated.
Cyber-espionage in the public sector also increased significantly, with a 168 percent increase in these types of attacks from 2017 to 2018.
The espionage-driven attacks also make it more difficult for public-sector entities to discover breaches, Verizon said.
“Public breaches are over 2.5 times more likely to be undiscovered for years,” the report said. “Espionage-related breaches typically take longer to discover due to the lack of external fraud detection.”
Overall, attackers used hacking, social attacks, and malware in 52, 33, and 28 percent of the incidents and breaches, respectively. These manifested in attacks like phishing, the use of stolen credentials, backdoors, command and control (C2), and denial of service.
Public-sector victims were no exception. Phishing, backdoor and C2 malware, and errors and privilege misuse were the most common causes of incidents and breaches. Verizon said that defending against malware in the public sector is particularly difficult because of funding and the large scope of protection needed.
“Large government entities with a massive community of end-points face a challenge in ensuring the breadth of up-to-date malware defenses are implemented,” Verizon said. “Smaller organizations may lack the budget for additional malware defenses other than desktop [antivirus software].”