State-backed data spies hunt industrial secrets

State-sponsored industrial espionage became a bigger cyber-threat to companies in 2012, a report indicates.

Statistics gathered for Verizon's annual data breach report suggested state-sponsored hacking attacks were now the number two cyber-threat.

Top of the list were hackers looking to steal money after breaking into corporate networks,

Often, the report said, companies took months to spot a breach and discover what data had been stolen.

The study was published to coincide with Infosec - an annual security conference in London.

While hackers had financial motives in 75% of the cyber-attacks analysed for the report, in 20% of cases the perpetrators were after trade secrets or intellectual property, it stated.

"The number one statistical change we noticed is the level of state-sponsored espionage," said security analyst Wade Baker, lead author on the report. "That's a lot higher."

He added that 2012 was the first year that there were so many espionage-motivated attacks that they deserved their own category.

Many of the state-backed attacks used phishing campaigns to try to get a foothold in a target company. This technique tries to trick people into revealing useful information that attackers can capitalise on to penetrate deeper into a network.

Manufacturers and transport companies were the most popular targets of such espionage.

Generally, said Mr Baker, attackers used any tactic that got results when seeking to penetrate networks.

Attackers used booby-trapped web pages, vulnerabilities in popular applications, social engineering and many other tactics to gain access. Malicious hackers won access despite widespread use of security tools that aim to spot and stop intrusions.

"We do not get the sense that we are forcing these bad guys to change their methods because we have shored up all the holes and security problems," said Mr Baker. "I would like to see that but I don't.

"They are getting in without changing their tactics and using the same attack against a large number of victims."

The Verizon-sponsored survey generates its statistics by looking into reports of real data breaches suffered by corporations around the world. For the 2013 report it analysed more than 621 separate breaches.

Companies could take several steps to protect themselves, said Mr Baker.

One was to eliminate useless data to focus security on vital company information, he said.

He also encouraged companies to share information about attackers so all the members of a business sector were on their guard.