A silver lining in cyberattacks?


New research suggests government is less-popular target for cyberattackers than in years past.

The government might no longer be the bull's-eye for cyberattackers. Malicious actors increasingly sought out small businesses rather than government entities last year as targeted cyberattacks grew by 42 percent, according to a new report from Symantec.

The company’s research shows that the government was hit by 12 percent of cyberattacks last year, making it the fourth most-targeted industry. The No. 1 target was manufacturing, which was the subject of 24 percent of attacks. The shift reflects a change in strategy as hackers seek ways around the stronger defenses of large companies.

"Attacks against government and public-sector organizations fell from 25 percent in 2011, when it was the most-targeted sector, to 12 percent in 2012," Symantec's Internet Security Threat Report 2013 states. "It's likely [that] the frontline attacks are moving down the supply chain, particularly for small to medium-sized businesses."

The largest growth area for targeted attacks in 2012 was small business. Companies with fewer than 250 employees were the subject of 31 percent of all attacks, up from 18 percent in 2011. Half of all targeted attacks were aimed at companies with fewer than 2,500 employees.

"Attackers deterred by a large company's defenses often choose to breach the lesser defenses of a small business that has a business relationship with the attacker's ultimate target, using the smaller company to leapfrog into the larger one," the report states.

Additionally, the public sector -- including health care and education in addition to the government -- accounted for nearly two-thirds of identity breaches, according to the report. That finding could have broader implications than one might initially think, Symantec experts said.

"This suggests that the public sector should further increase efforts to protect personal information, particularly considering how these organizations are often looked upon as the custodians of information for the most vulnerable in society," the report notes. "Alternatively, this could indicate that the private sector may not be reporting all data breaches, given how many public-sector organizations are required by law to report breaches."

The study also states that malicious actors are increasingly doing their homework and launching attacks targeted at specific people within an organization, who increasingly include those in research and development and sales. The social engineering tactics might not be new, but they do appear to be on the rise.

Examples include "messages impersonating European Union officials, messages that appear to come from security agencies in the United States and target other government officials, or messages that piggyback announcements about new procurement plans from potential government clients such as the U.S. Air Force," the report states. "This shows extensive research, a sophisticated understanding of the motivation of recipients, and makes it much more likely that victims will open attachments that contain malware."

That finding seems to be in keeping with the overall growth in email phishing attacks. The government was subjected to the highest level of email traffic attacks last year, with 1 in 72.2 messages blocked as malicious, Symantec researchers found.

According to the report, the most dramatic findings related to so-called watering hole attacks, which compromise and infect websites that targeted victims are likely to visit. For example, a malicious tracking script was placed on a human rights organization's website to potentially infect visitors using a zero-day vulnerability in Internet Explorer.

"Our data showed that within 24 hours, people in 500 different large companies and government organizations visited the site and ran the risk of infection," the report notes. "The attackers in this case, known as the Elderwood gang, used sophisticated tools and exploited zero-day vulnerabilities in their attacks, pointing to a well-resourced team backed by a large criminal organization or a nation state."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.
