Shown is the Columbia Generating Station, a nuclear power plant in Washington state. (AFP)
SAN FRANCISCO — Overall cyber attacks are up, but the most dramatic change in the last year is that the type of attack has shifted away from hacking and financially motivated crime toward cyber espionage focused on critical infrastructure, such as utilities, according to research from communications provider Verizon.
“These aren’t about stealing data and fraud, they’re about deny, disrupt and destroy,” said Bryan Sartin, director of investigative response for Verizon.
In its upcoming Data Breach Investigations Report, a yearly document that is one of the more noteworthy surveys of attacks released to the public, the company found that cyber espionage, once a far lesser component of the attack volume, is now dominating networks.
“Starting in about Q1 last year, suddenly if you look at the cyber attack notifications, suddenly most everything that we started seeing — which ratcheted up to almost five out of six of the notifications that we performed for entities on and off the Verizon network — suddenly they’re cyber espionage but with a special twist,” Sartin said. “I’d go so far as to say that it’s nation state, but almost every victim is critical infrastructure.”
The report won’t be released until spring, but Sartin described some of the more dramatic shifts from last year’s research.
While in the past attribution has been difficult, most of the nation state attackers have been pretty easy to track, he said.
“It’s pretty obvious,” he said. “These guys don’t take the same tactics, you know, the multiple jump points and the aggregated intermediary connections where there are 7,000 bad connections coming through at the same time to hide their source that we saw with hacktivism and especially with financial crimes. It’s obvious and there’s a very apparent lack of concern on the part of the adversary that they’re going to end up in the clinker for this.”
Beyond the increase in critical infrastructure attacks, the shape of financially motivated attacks has also shifted, as they’re becoming less successful.
“The sophistication is actually devolving with financial crimes,” Sartin said. “You see more of them, but there’s less data stolen and the victims are small people who couldn’t yield much.”
Verizon holds a special position in that, as a communications provider, a huge amount of global traffic flows through the company’s pipelines. The company has been working with customers to provide improved security, even using its unique position to help a client scan its incoming and outgoing traffic remotely, without the need for any onsite installation or personnel.
While greater information sharing is a critical component of the solution to the increasingly problematic threat of cyber espionage, Sartin said, it’s also critical that companies come forward after they’ve been attacked.
“Anything that compels entities, victims, to go to law enforcement or disclose crimes to government, particularly that incentivizes that or takes away the penalties,” he said. “We can’t fight these things until a) the intelligence sharing component is fixed, but also b) people stop hiding these things in the shadows.”
The culture has shifted slightly, in that companies are increasingly acknowledging attacks, but the stigma surrounding admitting to an attack remains. A recent HBGary report found that 78 percent of the investors surveyed were unlikely to invest in a company that had suffered one or more cyber attacks.