A silver lining in cyberattacks?


New research suggests government is less-popular target for cyberattackers than in years past.

The government might no longer be the bull's-eye for cyberattackers. Malicious actors increasingly sought out small businesses rather than government entities last year as targeted cyberattacks grew by 42 percent, according to a new report from Symantec.

The company’s research shows that the government was hit by 12 percent of cyberattacks last year, making it the fourth most-targeted industry. The No. 1 target was manufacturing, which was the subject of 24 percent of attacks. The shift reflects a change in strategy as hackers seek ways around the stronger defenses of large companies.

"Attacks against government and public-sector organizations fell from 25 percent in 2011, when it was the most-targeted sector, to 12 percent in 2012," Symantec's Internet Security Threat Report 2013 states. "It's likely [that] the frontline attacks are moving down the supply chain, particularly for small to medium-sized businesses."

The largest growth area for targeted attacks in 2012 was small business. Companies with fewer than 250 employees were the subject of 31 percent of all attacks, up from 18 percent in 2011. Half of all targeted attacks were aimed at companies with fewer than 2,500 employees.

"Attackers deterred by a large company's defenses often choose to breach the lesser defenses of a small business that has a business relationship with the attacker's ultimate target, using the smaller company to leapfrog into the larger one," the report states.

Additionally, the public sector -- including health care and education in addition to the government -- accounted for nearly two-thirds of identity breaches, according to the report. That finding could have broader implications than one might initially think, Symantec experts said.

"This suggests that the public sector should further increase efforts to protect personal information, particularly considering how these organizations are often looked upon as the custodians of information for the most vulnerable in society," the report notes. "Alternatively, this could indicate that the private sector may not be reporting all data breaches, given how many public-sector organizations are required by law to report breaches."

The study also states that malicious actors are increasingly doing their homework and launching attacks targeted at specific people within an organization, who increasingly include those in research and development and sales. The social engineering tactics might not be new, but they do appear to be on the rise.

Examples include “messages impersonating European Union officials, messages that appear to come from security agencies in the United States and target other government officials, or messages that piggyback announcements about new procurement plans from potential government clients such as the U.S. Air Force," the report states. "This shows extensive research, a sophisticated understanding of the motivation of recipients, and makes it much more likely that victims will open attachments that contain malware."

That finding seems to be in keeping with the overall growth in email phishing attacks. The government was subjected to the highest level of email traffic attacks last year, with 1 in 72.2 messages blocked as malicious, Symantec researchers found.

According to the report, the most dramatic findings related to so-called watering hole attacks that compromise and infect the websites targeted victims are likely to visit. For example, a malicious tracking script was placed on a human rights organization's website to potentially infect visitors using a zero-day vulnerability in Internet Explorer.

"Our data showed that within 24 hours, people in 500 different large companies and government organizations visited the site and ran the risk of infection," the report notes. "The attackers in this case, known as the Elderwood gang, used sophisticated tools and exploited zero-day vulnerabilities in their attacks, pointing to a well-resourced team backed by a large criminal organization or a nation state."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

The Fed 100

Read the profiles of all this year's winners.


  • Shutterstock image (by wk1003mike): cloud system fracture.

    Does the IRS have a cloud strategy?

    Congress and watchdog agencies have dinged the IRS for lacking an enterprise cloud strategy seven years after it became the official policy of the U.S. government.

  • Shutterstock image: illuminated connections between devices.

    Who won what in EIS

    The General Services Administration posted detailed data on how the $50 billion Enterprise Infrastructure Solutions contract might be divvied up.

  • Wikimedia Image: U.S. Cyber Command logo.

    Trump elevates CyberCom to combatant command status

    The White House announced a long-planned move to elevate Cyber Command to the status of a full combatant command.

  • Photo credit: John Roman Images /

    Verizon plans FirstNet rival

    Verizon says it will carve a dedicated network out of its extensive national 4G LTE network for first responders, in competition with FirstNet.

  • AI concept art

    Can AI tools replace feds?

    The Heritage Foundation is recommending that hundreds of thousands of federal jobs be replaced by automation as part of a larger government reorganization strategy.

  • DOD Common Access Cards

    DOD pushes toward CAC replacement

    Defense officials hope the Common Access Card's days are numbered as they continue to test new identity management solutions.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group