Data breaches resulting from phishing attacks increased fourfold in the past year, according to an annual report from Verizon [VZ] released this week.
The company attributes the spike in phishing activity to rising cases of cyber espionage. The report found a correlation between the type of attack and the method used. For espionage, attacks primarily targeted users and servers through malware, hacking and other forms of social engineering.
Verizon’s Data Breach Investigations Report is a “sample of security incidents that resulted in a data breach significant enough that the organization asked for outside assistance” from Verizon, said Kevin Thompson, senior analyst on Verizon Risk Team, who helped compile the report.
For this year’s report, Verizon collected information from 18 partner organizations. Thompson said the rise in espionage may be attributed in part to the larger data set, but he said Verizon noted an absolute rise as well.
The 2013 report recorded 47,000 security incidents of which 621 were confirmed data breaches. In the nine years since the report’s first publication, Verizon has analyzed a total of 2,500 data breaches and 1.1 billion compromised records.
The 2013 report also noted a broad diversity in victims.
“What we want to drive home there is that everybody is getting victimized in some way,” Thompson said. “If you have an IP address, you have a target on you.”
Verizon compiled data on other attack forms, such as ATM skimming and smash-and-grab of computer cash registers, but Thompson said the defense community should take note of the report’s information on espionage.
“The defense community is going to be less concerned about financially motivated attacks,” he said. “For the DoD, I would be particularly worried about phishing and social engineering and malware.”
Most breaches were attributed to outsiders, with 19 percent attributed to state-affiliated actors. These breaches were primarily tied to a rise in Chinese espionage targeting intellectual property, according to the report.
The report emphasizes the persistence of attackers in phishing and social engineering vectors.
“Year after year after year, it’s the same thing,” Thompson said. “Users that click on attachments and run infected PDFs–it works year after year after year.”