APAC Public Sector Targeted By Sophisticated Attacks

Cyber-espionage attacks occur more frequently in Asia-Pacific than in any other region, according to the new Verizon Cyber-Espionage Report (CER) released by the Verizon Threat Research Advisory Center (VTRAC).

In fact, cyber-espionage breaches in Asia-Pacific (42%) occurred more frequently than in Europe, the Middle East, and Africa (34%), and North America (23%) regions. The most targeted industries for attacks include the Public Sector (31%), followed by Manufacturing (22%) and Professional Services (11%).

The top actors in cyber-espionage breaches are state-affiliated (85%), nation-state actors (8%), and organized crime (4%). The CER found that confidential, sensitive, or business-critical data is often most targeted in cyber-espionage breaches, as attackers seek out data that could impact national security, political positioning, and competitive economic advantage.

The CER is the first-ever, data-driven publication on advanced cyberattacks that analyzes seven years (2014 to 2020) of Verizon Business Data Breach Investigations Report (DBIR) content. It contains recommendations for organizations to better defend and recover from cyber-espionage attacks, including:

• Regular security awareness training — Employees are the first line of defense. Social engineering, or phishing, is a standard method cyberspies use to gain access into sensitive systems. Employees must undertake regular security awareness training.
• Strengthen boundary defenses — Effective boundary defenses (e.g., network segmentation) and more robust access management capabilities (e.g., access granted on a need-to-know basis) can mitigate cyber-espionage attacks.
• Managed detection and response (MDR) — A robust MDR offering can identify compromise indicators on the network and the endpoints. Essential components of MDR include security information and event management (SIEM) technologies; threat intelligence; user and entity behavior analytics (UEBA); and threat hunting capabilities, as well as integrations with endpoint detection and response (EDR), network detection and response (NDR), and deception technologies.
• Data leakage/loss prevention (DLP) — Can flag sensitive data being snuck out the back door.
• Optimizing cyber threat intelligence — Recognizing compromise indicators, leveraging tactics, techniques and procedures, and implementing a robust incident response plan are also essential strategies for combating cyber-espionage.

“Cybercrime comes in all shapes and sizes, but fighting and preventing it is of equal importance. Defenses and detection and response plans should be tested regularly and optimized to confront cyber threats head-on,” said John Grim, lead author of the Verizon Cyber-Espionage Report.

“This is particularly important for Cyber-Espionage breaches, which typically involve advanced threats targeting specific data and operating in ways to avoid detection and deny cyber defenders’ effective response.”

Image credit: iStockphoto/MariusLtu