The 2020 Cyber Espionage Report (CER) is Verizon’s first-ever data-driven publication on advanced cyberattacks. This report draws from seven years of Verizon Data Breach Investigations Report (DBIR) content, as well as from more than 14 years of Verizon Threat Research Advisory Center (VTRAC) Cyber Espionage data breach response expertise. The CER serves as a guide for cybersecurity professionals looking to bolster their organization’s cyberdefense posture and incident response (IR) capabilities against cyberattacks.
Key findings from the 2020 CER include:
- INDUSTRIES: Public (31%), Manufacturing (22%) and Professional (11%) were most common. Manufacturing (35%), Mining + Utilities (23%) and Public (23%) were most common by percent within breaches.
- TIMELINES: Time to Compromise was seconds to days (91%), Time to Exfiltration was minutes to weeks (88%), Time to Discovery was months to years (69%) and Time to Containment was days to months (79%).
- ACTORS: For Cyber-Espionage breaches, top Actor varieties were State affiliated (85%), Nation-state (8%) and Organized crime (4%).
Cyber-Espionage threat actors pose a unique challenge to cyberdefenders and incident responders. Through advanced techniques and a specific focus, these determined threat actors seek to swiftly and stealthily gain access to heavily defended environments. Depending on their goals, they move laterally through the network, obtain targeted access and data, and exit without being detected. Or, they stay back and maintain covert persistence.
Threat actors conducting espionage can include nation states (or state-affiliated entities), business competitors and, in some cases, organized criminal groups. Their targets are both the public sector (governments) and private sector (corporations). They seek national secrets, intellectual property and sensitive information for reasons that include national security, political positioning and economic competitive advantage.
The Cyber-Espionage threat actor modus operandi includes gaining unauthorized access, maintaining a low (or no) profile and compromising sensitive assets and data. Technology makes espionage actors fast, efficient, evasive and difficult to attribute. In a nutshell, for the threat actor, Cyber-Espionage is an opportunity with relatively low risk (of being discovered), low cost (in terms of resources) and high potential (for payoff).
Within the CER, not only do we identify the aspects surrounding the Cyber-Espionage threat actors and their targeted victims, but we also identify the frameworks and tools needed to help you better prevent, mitigate, detect and respond to these cyberattacks. These frameworks and tools include the Vocabulary for Event Recording and Incident Sharing (VERIS) framework, Verizon Incident Preparedness and Response (VIPR) report phases, National Institute of Standards and Technology (NIST) Cybersecurity Framework, Center for Internet Security (CIS) Critical Security Controls (CSCs), and the North American Industry Classification System (NAICS).