Skip to main content

China dominated cyber espionage in 2012

Cyber attacks showed no signs of slowing down in 2012, with hackers targeting financial institutions, retail operations, and more, according to a new report. But while many hackers tried to fatten their wallets, cyber espionage was the name of the game in China.

"From pubs to public agencies, mom-and-pops to multi-nationals, nobody was immune," Verizon said in its annual Data Breach Investigations Report (DBIR).

The report, which incorporated data from 19 global partners, covered 47,000 reported security incidents and 621 confirmed data breaches in 2012. "Perhaps more so than any other year, the large scale and diverse nature of data breaches and other network attacks took center stage," Verizon said.

According to the report, 92 per cent of breaches are perpetrated by outsiders, while 14 percent have an insider connection.

"Victims in this report span restaurants, retailers, media companies, banks, utilities, engineering firms, multi-national corporations, security providers, defense contractors, government agencies, and more across the globe," Verizon found. "A definite relationship exists between industry and attack motive, which is most likely a byproduct of the data targeted (e.g., stealing payment cards from retailers and intellectual property [IP] from manufacturers)."

The report found that "state-affiliated actors tied to China are the biggest mover in 2012. Their efforts to steal IP comprise about one-fifth of all breaches in this dataset."

Approximately 96 per cent of the cyber-espionage cases tagged by the report traced to China, while four per cent are unknown. "This may mean that other threat groups perform their activities with greater stealth and subterfuge," Verizon said. "But it could also mean that China is, in fact, the most active source of national and industrial espionage in the world today."

Most cyber-espionage campaigns were in search of data that furthers national interests, such as military or classified information, economy-boosting plans, insider information or trade secrets, and technical resources such as source code.

The report noted, however, that there was better sharing of data and improved detection capabilities in 2012, which possibly resulted in more detections.

In terms of how the attacks are carried out, Verizon found that 52 per cent involved some form of hacking, 76 per cent exploited security flaws, 40 per cent turned to malware, and 29 percent used social tactics like phishing.