US and Ukraine Top List of Cyber Spy Victims

The United States and Ukraine bore the brunt of identifiable cyber espionage attacks over the past year, according to data compiled by Verizon, with international industry and government input. 

The two countries were the targets of a combined 40 percent of cyberspy assaults on governments, based on statistics provided to Nextgov. In the majority of digital espionage cases -- 55 percent -- investigators could not identify a victim.

There were 120 cyber-surveillance incidents in the public sector in 2014, according to the figures. The U.S. and Ukraine each were prey 20 percent of the time.

Spying operations against Poland accounted for 3.3 percent of the cases. China, Belgium and Angola each experienced 0.8 percent of the attacks.

As in years past, the annual Verizon Data Breach Investigations analysis contains reports from the U.S. Secret Service and the Department of Homeland Security. The study is expected to be released Wednesday.

Since 2013, more than two-thirds of cyber espionage incidents have used "phishing" emails to trick targets into divulging secrets by impersonating known acquaintances, the report found.

Last week, news emerged that alleged Russian hackers exploited phishing to hack the White House and the State Department. 

Verizon executives acknowledge their study did not set out to attribute breaches to specific state actors or establish hard evidence espionage was a motivating factor.

"We are not doing this in a court of law,” said Jay Jacobs, a Verizon senior analyst and study co-author. “We don’t have to prove beyond a shadow of a doubt. We can go with some hunches. And we try not to for most of what we do. If we see something and all directions are pointing to the answer, we don’t have to have iron-clad proof.”

In one of the more grave hacks last spring, attackers compromised a database containing background histories and family information on applicants for U.S. government security clearances. E-QIP, where officials in sensitive positions file their SF-86 questionnaires, is believed to have been penetrated by Beijing-backed attackers. 

Separately, computers in the Ukrainian prime minister's office and at many of Ukraine's embassies abroad allegedly were infected with spyware linked to Russia, the Financial Times reported in August 2014. The Kremlin has been tussling with Ukraine and Western allies over sanctions imposed for invading Crimea.

In addition, iSIGHT Partners, a security consultancy, revealed last October that a hacking operation dubbed "Sandworm" was targeting Ukrainian and Polish government agencies, as well as the North Atlantic Treaty Organization.

The sectors most attractive to snoops were manufacturing, government and professional services, according to the study.

Professional services providers, which include lawyers, software developers and testing labs, are "typically smaller organizations that work for larger organizations,” Jacobs said. Prying eyes have discovered it is easier to infiltrate “the partner and the third-party dealing with that intellectual property than the source of the intellectual property itself.”

At the bottom of the list: financial services and health care. Retail did not even make the cut. While these industries saw more than their fair share of data breaches in 2014, the perpetrators typically weren’t after intellectual property, the report determined.

"Mainly what we see in health care is identity theft, getting the private information of individuals and then using that for fraud purposes," Jacobs said. 

Contributors to the report include universities, law enforcement authorities worldwide, and communications service providers, as well as cyber forensics firms from America, Russia and other countries. 

(Image via Finchen/ Shutterstock.com)