IP theft attacks can hide on networks for years, unspotted by corporate victims, report claims

Filed Under: Data loss, Featured, Malware, Privacy, Vulnerability

Complicated blueprintOrganizations in the financial services and public administration sectors are the primary targets of sophisticated attacks aimed at stealing intellectual property, with attacks involving both external and internal agents and lasting for months or years, according to a new report.

A Verizon report [PDF] reports just 101 incidents of intellectual property theft - around 12 percent of the total data breach incidents it documented - during 2011, but attacks that stole intellectual property were both longer-lasting and more complex than other data breach incidents.

Attackers commonly relied on both external agents and insiders to carry out the attacks.

Professional criminal gangs, hacktivist groups, competitors and state-sponsored actors were "identified or suspected" in many of the IP theft crimes.

Threat agents. Source: VerizonTheir methods were both more sophisticated and determined than the average cybercriminals, the report noted.

Because intellectual property often resides deep within a company's network on protected systems, IP theft attacks frequently relied on insiders to facilitate.

Verizon found evidence of internal "threat agents" in 46% of the IP theft-related attacks, compared with just 4% of all data breach incidents in 2011.

And, in news that's bound to be disheartening to companies worried about sophisticated attacks, the report supports the notion that slow, secretive attacks are hard to spot and remove.

Once on a target network, attackers interested in stealing intellectual property hung around. Verizon claims that 17% of the IP-theft related incidents it reviewed persisted for "months" before discovery, while 31% took "years" to discover.

More than half took months, after discovery, to contain and recover from.

Timespan. Source: Verizon. Click for larger version

Database servers, file servers and finance and accounting systems were popular targets in IP-theft related attacks.

The information on intellectual property attacks ran counter to the overall trend in 2011, which found that "opportunistic" attacks by external agents against poorly protected systems were the cause of most data breaches.

In the population in general, attacks on the hospitality industry - including hotels and restaurants - accounted for more than half of the 855 incidents Verizon reported during 2011.

In contrast, targeted attacks to steal intellectual property were spread across just four verticals: financial services, public administration (e.g. government agencies), information technology and manufacturing.

Verizon said that there is no "silver bullet" for companies worried about intellectual property theft. Companies should "adopt a common sense, evidence-based approach" to security management and study incidents at organizations similar to them to see what kinds of threats and failures they are likely to encounter.

Companies should also look closely at the possibility of rogue insider acting in ways that could subvert security measures and address common security lapses such as weak passwords and vulnerable SQL server applications.


, , , , , , , , , , , , ,

You might like

One Response to IP theft attacks can hide on networks for years, unspotted by corporate victims, report claims

  1. Keith · 728 days ago

    This is only aided by software publishers/programmers so frequently using default passwords in database applications and writing code for convenience instead of security.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul is a Boston-based reporter and industry analyst with more than a decade of experience covering the IT industry, cyber security and hacking. His work has appeared on threatpost.com, The Boston Globe, salon.com, NPR's Marketplace, Fortune Small Business, as well as industry publications including ZDNet, Computerworld, InfoWorld, eWeek, CIO , CSO and ITWorld.com. Paul got his 15 minutes as an expert guest on The Oprah Show - but that's a long story.