Verizon Security Research: Over 20% Of Data Breaches Thought to Be Carried Out By Nation State Actors
Verizon’s 2019 Data Breach Investigations Report (DBIR), released Wednesday, which analyzed more than 41,000 cybersecurity incidents and over 2,000 data breaches from 86 countries.
It found that cyber attacks by nation states and parties affiliated with them represented 23% of data breaches, up from 12% in 2018 and 19% in 2017,
Corporate spying is on the rise as a motivation for cyber attacks, with a full quarter of all network compromises associated with reconnaissance and data exfiltration in the last 12 months. Still, financially motivated attacks aren’t going anywhere; social-engineering attacks aimed at stealing funds still represented 12 percent of data-breach incidents, and most cyberattacks overall were motivated by financial gain.
Ransomware attacks are still going strong, and account for nearly 24 percent of incidents where malware was used. Ransomware has become so commonplace that it is less frequently mentioned in the specialized media unless there is a high-profile target in the mix. However, it is still a serious threat to all industries. Meanwhile, some other threats that are frequently hyped, such as crypto mining (2% of malware), occur very infrequently in our data set.
Partly in reaction to the 77 percent plunge in Bitcoin, cybercriminals did not abandon crypto mining altogether, instead, SamSam and GandCrab ransomware were being used to attack corporations, government agencies, universities, and other large organizations.
Attackers often favor cryptos, as is it can be laundered and transferred for relatively low cost and presents a negligible risk. Nevertheless, a distinct drawback is that this type of currency is a bit limited with regard to what one can purchase with it. Thus, at some point, it has to be exchanged. For these and other reasons, research into increasing both the risk and cost associated with cryptocurrency laundering and/or exchange for illicit purposes has a good deal of potential as a means of increasing breach overhead and thereby decreasing the relative profit associated with such crimes.