Industries frequently targeted by financially-motivated cybercriminals, such as banks and healthcare organizations, are a lower priority for attackers engaged in espionage, a new report from Verizon suggests. These attackers, typically linked to nation states, instead focus their efforts on industries that hold data like trade secrets, blueprints and classified government documents.
Public-sector organizations, for example, were the most likely to be targeted by cyber-espionage attacks, with about 31% of those incidents hitting the industry between 2014 and 2020, according to the Verizon Cyber Espionage Report released Tuesday. Manufacturing companies, professional services firms, and companies in the information sector came next, with 22%, 11%, and 7% of cyber-espionage incidents, respectively. Mining and utilities, education, and financial organizations were each targeted with about 3% of cyber-espionage attacks.
The report draws from seven years of data from Verizon’s Data Breach Investigations Report, as well as breach response information from Verizon’s Threat Research Advisory Center, or VTRAC. It is the first cyber-espionage report released by the company.
John Grim, the head of research development and innovation for VTRAC, said that one of the clearest explanations for why these industries are targeted the most can be seen in the type of information that cybercriminals go after. In about three-fourths of the cyber-espionage incidents that Verizon examined, secretive information was compromised. Attackers also targeted data that could help them discover and exfiltrate other information, like credentials and system information. With financially-motivated incidents, criminals tend to target personal information, payment data, credentials, and medical information, according to the Verizon study.
“These industries [hit by cyber-espionage attacks] all have in one way, shape or form secret data,” he said. “The public sector has a lot of government secrets, manufacturing has trade secrets and schematics, as well as the mining and utilities industry.”
It also helps explain why financial organizations—a top target for cybercriminals—appears so low on the list for cyber-espionage attacks, and why healthcare organizations don’t even make the list at all.
“Most of the time they’re dealing with financially-motivated threat actors, not cyber espionage,” Grim said.
But although a handful of industries appeared to face the brunt of espionage-related attacks, Verizon researchers cautioned that many attacks might go undetected, especially because nation-state attackers are more likely to cover their tracks and avoid commodity malware that’s easier for companies to spot.
“Long story short: Just because your organization’s industry has not been a typical target for Cyber-Espionage threat actors doesn’t mean it won’t be, can’t be or hasn’t been,” the report said.