A silver lining in cyberattacks?

New research suggests government is a less-popular target for cyberattackers than in years past.

Cybersecurity

New research suggests government is less-popular target for cyberattackers than in years past.

The government might no longer be the bull's-eye for cyberattackers. Malicious actors increasingly sought out small businesses rather than government entities last year as targeted cyberattacks grew by 42 percent, according to a new report from Symantec.

The company’s research shows that the government was hit by 12 percent of cyberattacks last year, making it the fourth most-targeted industry. The No. 1 target was manufacturing, which was the subject of 24 percent of attacks. The shift reflects a change in strategy as hackers seek ways around the stronger defenses of large companies.

"Attacks against government and public-sector organizations fell from 25 percent in 2011, when it was the most-targeted sector, to 12 percent in 2012," Symantec's Internet Security Threat Report 2013 states. "It's likely [that] the frontline attacks are moving down the supply chain, particularly for small to medium-sized businesses."

The largest growth area for targeted attacks in 2012 was small business. Companies with fewer than 250 employees were the subject of 31 percent of all attacks, up from 18 percent in 2011. Half of all targeted attacks were aimed at companies with fewer than 2,500 employees.

"Attackers deterred by a large company's defenses often choose to breach the lesser defenses of a small business that has a business relationship with the attacker's ultimate target, using the smaller company to leapfrog into the larger one," the report states.

Additionally, the public sector -- including health care and education in addition to the government -- accounted for nearly two-thirds of identity breaches, according to the report. That finding could have broader implications than one might initially think, Symantec experts said.

"This suggests that the public sector should further increase efforts to protect personal information, particularly considering how these organizations are often looked upon as the custodians of information for the most vulnerable in society," the report notes. "Alternatively, this could indicate that the private sector may not be reporting all data breaches, given how many public-sector organizations are required by law to report breaches."

The study also states that malicious actors are increasingly doing their homework and launching attacks targeted at specific people within an organization, who increasingly include those in research and development and sales. The social engineering tactics might not be new, but they do appear to be on the rise.

Examples include “messages impersonating European Union officials, messages that appear to come from security agencies in the United States and target other government officials, or messages that piggyback announcements about new procurement plans from potential government clients such as the U.S. Air Force," the report states. "This shows extensive research, a sophisticated understanding of the motivation of recipients, and makes it much more likely that victims will open attachments that contain malware."

That finding seems to be in keeping with the overall growth in email phishing attacks. The government was subjected to the highest level of email traffic attacks last year, with 1 in 72.2 messages blocked as malicious, Symantec researchers found.

According to the report, the most dramatic findings related to so-called watering hole attacks that compromise and infect the websites targeted victims are likely to visit. For example, a malicious tracking script was placed on a human rights organization's website to potentially infect visitors using a zero-day vulnerability in Internet Explorer.

"Our data showed that within 24 hours, people in 500 different large companies and government organizations visited the site and ran the risk of infection," the report notes. "The attackers in this case, known as the Elderwood gang, used sophisticated tools and exploited zero-day vulnerabilities in their attacks, pointing to a well-resourced team backed by a large criminal organization or a nation state."