IP theft attacks can hide on networks for years, unspotted by corporate victims, report claims


Organizations in the financial services and public administration sectors are the primary targets of sophisticated attacks aimed at stealing intellectual property, with attacks involving both external and internal agents and lasting for months or years, according to a new report.

A Verizon report [PDF] lists just 101 incidents of intellectual property theft during 2011 – around 12 percent of the total data breach incidents it documented – but attacks that stole intellectual property were both longer-lasting and more complex than other data breach incidents.

Attackers commonly relied on both external agents and insiders to carry out the attacks.

Professional criminal gangs, hacktivist groups, competitors and state-sponsored actors were “identified or suspected” in many of the IP theft crimes.

Threat agents. Source: Verizon

Their methods were both more sophisticated and more determined than those of the average cybercriminal, the report noted.

Because intellectual property often resides deep within a company’s network on protected systems, IP theft attacks frequently relied on insiders to facilitate them.

Verizon found evidence of internal “threat agents” in 46% of the IP theft-related attacks, compared with just 4% of all data breach incidents in 2011.

And, in news that’s bound to be disheartening to companies worried about sophisticated attacks, the report supports the notion that slow, secretive attacks are hard to spot and remove.

Once on a target network, attackers interested in stealing intellectual property hung around. Verizon claims that 17% of the IP theft-related incidents it reviewed persisted for “months” before discovery, while 31% took “years” to discover.

More than half took months, after discovery, to contain and recover from.

Timespan. Source: Verizon.

Database servers, file servers, and finance and accounting systems were popular targets in IP theft-related attacks.

The information on intellectual property attacks ran counter to the overall trend in 2011, which found that “opportunistic” attacks by external agents against poorly protected systems were the cause of most data breaches.

In the population in general, attacks on the hospitality industry – including hotels and restaurants – accounted for more than half of the 855 incidents Verizon reported during 2011.

In contrast, targeted attacks to steal intellectual property were spread across just four verticals: financial services, public administration (e.g. government agencies), information technology and manufacturing.

Verizon said that there is no “silver bullet” for companies worried about intellectual property theft. Companies should “adopt a common sense, evidence-based approach” to security management and study incidents at organizations similar to them to see what kinds of threats and failures they are likely to encounter.

Companies should also look closely at the possibility of rogue insiders acting in ways that could subvert security measures, and address common security lapses such as weak passwords and vulnerable SQL server applications.