Attacks targeting government info, intellectual property grow more complex

Nov 15, 2012

IP theft

Government  -- in common with business sectors such as manufacturing, IT and technical services -- is being targeted by increasingly complex attacks with the intent of stealing data rather than money, according to the most recent snapshot from the Verizon Data Breach Investigation Report. Although the types of sensitive information held by government often differs from private sector intellectual property, government and the private sector share a lot in common as victims, according to Verizon analysts.

While most financially motivated attacks are against targets of opportunity, “when it comes to IP theft, the targeted nature of the attacks considerably changes how they are conceived and carried out,” the report says. “The fact that it is usually a different kind of threat agent -- those looking for highly sensitive information to be used for a specific purpose, as opposed to those only looking for a quick cashout -- also changes the game.”

The typical attack profile is very different for government agencies than it is for financial targets such as banks and retail business organizations, said Marc Spitler, senior analyst with the Verizon RISK (Research Investigations Solutions Knowledge) team. Rather than straight-forward hacking and malware attacks, agencies often face a longer, more diverse attack chain that uses multiple types of threats. A typical attack chain might begin with a phishing expedition using social engineering, then move on to installation of malware, which can then be used for hacking, which can take advantage of errors in system configuration, followed by more hacking to access sensitive data.

Although the Verizon snapshot on intellectual property theft does not break out government cases, the process is largely the same for government and private industry, said Brian Costello, vice president for public sector cloud and security solutions for Verizon Terremark. But government also faces some additional challenges. In the face of what he called a “massive increase in customized malware attacks,” government still is responding with outdated signature-based defenses that do not adapt to rapidly evolving and mutating attacks.

That is a reflection of the government focus on regulatory compliance and administration, Costello said. With most resources being devoted to compliance, there is little left for acquiring or developing tools to detect behavioral patterns that could spot a sophisticated attack in progress.

“That’s a common struggle we see with our government customers today,” he said. “Most are aware of the gap” between needs and capabilities, but are not able to adequately address it.

The good news is that much of the data needed to detect such multi-step attacks already is being gathered and is available in system logs. But it is not being effectively reviewed or analyzed to detect attacks while in progress. “The data is there,” Costello said. “[Agencies] need an appropriate strategy for using the resources.”

The key to effective use of resources is knowing what data is being targeted and how it can be reached, Spitler said. “Not every security control is easy to implement,” so agencies must prioritize and focus on protecting the right assets.

The 2012 Data Breach Investigation Report analyzes 855 data breaches involving more than 174 million compromised records, gleaned from reports provided by the U.S. Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting & Information Security Service and the Police Central e-Crime Unit of the London Metropolitan Police.

-- William Jackson

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above.

inside gcn