Verizon Business conducted a survey revealing a concerning trend: the APAC region and its businesses were the primary targets of espionage-related cyber-attacks. These attacks, orchestrated by cybercriminals, aimed at gathering intelligence to be passed on to adversaries.
Surprisingly, Europe and North America experienced a significantly lower rate of spying-related cyber-attacks, accounting for only 6% and 4% of incidents, respectively. The data was drawn from an analysis of 2,129 incidents, including confirmed breaches, network infiltrations, social engineering, and exploitation of vulnerabilities in basic web applications.
The study highlighted that a substantial portion of compromised data—69%—consisted of stolen credentials, with 37% relating to internal information and 24% to business secrets.
So, what is the objective behind these espionage attacks?
In essence, the goal is to gather valuable information, including trade secrets, research and development data, and strategic intelligence. This information can be leveraged to mimic competitors or adversaries, or to anticipate future actions and developments. Such insights are invaluable to military and intelligence operations, providing a crucial advantage in both corporate and governmental landscapes.
Notable instances include the infamous ‘Operation Aurora’ in 2009, where Chinese intelligence breached Google’s Gmail servers to obtain data on Chinese human rights advocates. Similarly, the Russia-based cybercrime group known as ‘Fancy Bear‘ launched a spear-phishing attack on the Democratic National Committee, aiming to steal classified information related to the 2016 US elections.
Several government-funded groups are actively engaged in espionage-related cyber-attacks, including Muddy-Water, Pioneer Kitten, Goblin Panda, and GhostNet.
To mitigate the risks posed by such cyber espionage, organizations should prioritize timely software patching, implement multi-factor authentication, segment networks to impede hacker movement, and deploy threat monitoring solutions. Regular reviews of cybersecurity posture are essential to detect and address any instances of data spillage or misuse promptly.