State-sponsored cyberspying hits small businesses

SEATTLE -- Nation-state-supported cyberspies are increasingly targeting small businesses as part of long-term espionage campaigns.

That's a new pattern that emerges in Verizon's just released 2013 Data Breach Investigations Report (DBIR), which correlates forensics findings from 621 actual databreach investigations in 27 different countries.

Verizon's DBIR has long been considered a rich trove of security intelligence in the cybersecurity community. And it's getting richer. This year's version includes contributions from a record 19 different investigatory organizations from around the world. Key findings:

• 38% of breaches hit larger organizations

• 37% affected financial organizations

• 24% occurred at retailers and restaurants

• 20% involved manufacturing, transportation and utilities.

"Verizon's newest report indicates that most data breaches involve stolen credentials, backdoors and brute force attacks," says HyTrust president and founder, Eric Chiu. "In addition, it confirms what HyTrust has also found-- that the vast majority of breaches aren't detected until months after compromise."

Nathaniel Couper-Noles, senior security consultant at security firm Neohapsis adds that cybercriminals continue to get better at finding and taking advantages of security weaknesses intrinsic to complex networks.

"The breadth of successful attacks in the report shows that technological innovations can benefit attackers as well as defenders," says Couper-Noles.

Andy Green, analyst at Varonis Systems, notes that Verizon's report emphasizes that 80% of breaches could be easily prevented with two-factor authentication, and that it still takes months for most breaches to be discovered.

Varonis recently published a privacy survey that found 47% of resondents using multi-factor authentication for their personal e-mail accounts.

"If this trend can carry over to corporate email and intranet access, then we may finally see a dip in these low-skill, but still very effective, password-based hacks," Green says.

Andy Green, analyst at Varonis Systems, notes that Verizon's report emphasizes that 80% of breaches could be easily prevented with two-factor authentication, and it still takes months for most breaches to be discovered.

Varonis recently published a privacy survey that found 47% of resondents using multi-factor authentication for their personal e-mail accounts.

"If this trend can carry over to corporate email and intranet access, then we may finally see a dip in these low-skill, but still very effective, password-based hacks," Green says.

Another pattern Verizon's investigators have been able to parse out, to some degree, is whether profit-motivated crook or state-sponsored spies appear to be behind corporate network intrusions.

State-affiliated actors accounted for 21 percent of attacks, while organized crime groups were behind 55 percent. China accounted for 96 percent the state-sponsored attacks, while Eastern European countries such as Romania, Bulgaria and Russian Federation countries were responsible for the bulk of financial crimes.

"The bad guys have unlimited resources and time to poke and prod company networks," says Patrick Harbauer, Neohapsis senior consultant. "Your only hope is to invest in qualified people and automated tools so that you can effectively monitor your systems for malicious activity."