Governments Behind Surge in Cyber-Espionage


Online threat motives

Stealing your money remains the number-one motive for bad guys staging cyber-attacks of various sorts, but greed is dropping in importance relative to nosiness, according to Verizon. The telecommunications company finds espionage soaring as a motive for online threats, driven by governments less interested in cash than information.

Overall, cyber-espionage made up about 22 percent of incidents lst year, and growing. According to the authors of the 2014 Data Breach Investigations Report, "We knew espionage had been rising over the last few years, but the trend line chart surprised us by the degree of convergence with financial motives."

The authors speculate that the rise in espionage as a driver of online attacks may be "the result of adding contributors to the DBIR who specialize in espionage," but make it clear that they don't know. It's a change in online activity that they'll continue watching, according to the report.

As for who is behind that online espionage, and the popular targets…

It's worth knowing that 54 percent of all cyber-espionage targets are in the United States—South Korea comes in second place at 6 percent. This actually represents a broadening of targets, with the U.S. share of attacks declining relative to past years. Using standard classifications, the main targets of espionage are in the public (government), professional (including scientific and technical), and manufacturing sectors.

With such an emphasis on government targets, it's no shocker that the main snoops are mostly other governments. A whopping 87 percent of the actor behind cyber-espionage are state-affiliated, followed by organized crime at 11 percent.

Also, not too surprisingly, much of the threat is from Eastern Asia. Forty-nine percent of the actors within cyber-espionage are from that region, with 25 percent unknown, and 21 percent from Eastern Europe.

The authors of the report are careful to caution that the report doesn't cover all online incidents—they're dependent on the information they can gather. So the data might be skewed. But that's an interesting growth in the use of the Internet as a battleground between governments.

By far, the most popular means of executing an espionage attack is spear phishing.

A well-crafted and personally/professionally-relevant email is sent to a targeted user(s), prompting them to open an attachment or click a link within the message. Inevitably, they take the bait, at which point malware installs on the system, a backdoor or command channel opens, and the attacker begins a chain of actions moving toward their objective.

As far as total threats go, though, hacking and malware remain the most dangerous, with financial motives still the main driver of attacks overall.

Who knows. As governments continue going broke, maybe money will become a main motivator for them, too. "GREETINGS: My father was a very wealthy military contractor in Washington, D.C.."

NEXT: Obama Breaks Armenian-Genocide Promise for 6th Year in a Row

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. “Inevitably, they take the bait, at which point malware installs on the system, a backdoor or command channel opens, and the attacker begins a chain of actions moving toward their objective.”

    Inevitably? Really? That drives me nuts. I never click, answer, respond to the fuckers. I can spot a con a mile away. I know people who do and it pisses me off. They are facilitating them with their naivety. Grow the fuck up.

    Look, there is no such thing as ‘Credit Card Services’ and they will not call or email to ask about your account. They already have your account number, so they won’t be asking for it.
    There is Discover. There is Visa. There is MasterCard. There is CitiBank, but there is NO Credit Card Services.
    Legitimate businesses contact you with real names and specific information. They don’t call with questions and vagaries. They can be called back. They don’t call from blocked or unknown numbers. They don’t have email addresses in Africa or Vanuatu.

    1. There is no way they can make your dick bigger, or fuck like you did at 19. There are no secret cures for Rheumatoid Arthritis, joint pain, impotence or hair loss. If it works, it is known and popular….you know, like Aspirin. Some fucking root or melon from an exotic locale won’t make your teeth grow back. There is no weird trick that will help you lose weight or secret bible codes that will make you rich.

      Obama and cronies are not using a little known technique to gain millions, tax free, every month. They are just stealing and they are doing it right in front of your eyes.

      Good grief.

      1. You are crushing my universe here!!! Are you telling me I can’t get Obama to refi my house either?

      2. fuck like you did at 19

        Thank god, the constant boner was annoying.

        1. No shit.

  2. I work in IT security and read security listservs and blogs. They all agree that the greatest risk to the security of our machines and data is not hacked passwords but phishing. The number of successful phishing attacks never goes down, no matter how much training we make our users take. The ‘Help Desk Team’ will never threaten to shut down your account. Nor did you get a refund for $93.86, and just open this zip file… (I actually got one of those yesterday…)

    1. I though you were a linguist of some sort…

      1. I wear two hats–one of them is IT-shaped, the other dabbles in phonology. But only after midnight under a full moon.

    2. You mean I really did not win a free cruise to Hawaii, all expenses paid, in that contest that I don’t remember entering?

      *hangs head, puts suitcase back in closet*

  3. “Can you hear me now?”

Please to post comments

Comments are closed.