Cyber-Espionage threat actors pose a unique challenges.
Cyber-Espionage breaches occurring most often in the Asia-Pacific (APAC) region (42 per cent), followed by the Europe, Middle East and Africa (EMEA) region (34 per cent), and North America (NA) (23 per cent) region. Threat actors associated with cyber-attacks are attempting to thwart detection and response efforts, as well as conceal attack attribution for political and national security purposes.
In Verizon’s data-driven publication on advanced cyberattacks, the Cyber-Espionage Report (CER) showed:
- 85 per cent of incidents are by state-affiliated cyber-attackers.
- Alarmingly, 69per cent took months or years to discover the breach.
- Government and Manufacturing industries are the most targeted industries by a large margin.
- Threat actors conducting espionage include nation-states (or state-affiliated entities), business competitors and organised criminal groups.
- Targets are both the public sector (governments) and private sector (corporations).
- They seek national secrets, intellectual property and sensitive information for reasons that include national security, political positioning, and economic competitive advantage.
- The most compromised device, by a large margin, is the laptop with credentials and company secrets the most sought-after data varieties.
- The Cyber-Espionage Report (CER) is Verizon’s first-ever data-driven publication on advanced cyberattacks.
Cyber-Espionage threat actors pose a unique challenge to cyberdefenders and incident responders. Through advanced techniques and a specific focus, these determined threat actors seek to gain access swiftly and stealthily to heavily defended environments.
Depending on their goals, they move laterally through the network, obtain targeted access and data, and exit without being detected.
According to the report, they stay back and maintain covert persistence. Threat actors conducting espionage can include nation-states (or state-affiliated entities), business competitors and, in some cases, organised criminal groups. Their targets are both the public sector (governments) and private sector (corporations).
These attackers seek national secrets, intellectual property and sensitive information for reasons that include national security, political positioning, and economic competitive advantage. The Cyber-Espionage threat actor modus operandi includes gaining unauthorised access, maintaining a low (or no) profile and compromising sensitive assets and data.
Technology makes espionage actors fast, efficient, evasive, and difficult to attribute. In a nutshell, for the threat actor, Cyber-Espionage is an opportunity with relatively low risk (of being discovered), low cost (in terms of resources) and high potential (for payoff).