Romania, Bulgaria among most frequent sources of cyber-attacks – report

Eastern European countries, most notably Romania but also Bulgaria and Russia, were among the most frequent countries of origin for financially-motivated cyber-attacks in the past year, the latest Verizon Data Breach Investigations Report said.

The study analysed data from 19 organisations covering more than 47 000 reported security incidents and 621 confirmed data breaches in that time period. “Many of the stories that hit the headlines are from the US, but this year’s Data Breach Investigations Report (DBIR) profiles data breaches from 27 countries,” the report’s authors said.

The report said that the “threat actor’s” country of origin was discoverable in more than 75 per cent of the data breaches analysed, and the list included 40 different countries.

“The majority of financially motivated incidents involved actors in either the U.S. or Eastern European countries (e.g., Romania, Bulgaria, and the Russian Federation),” the report said.

Romania, in particular, accounted for 28 per cent of the cases where the source country has been identified, with all cyber-attacks originating there being financially motivated. Bulgaria was fourth on the list of countries, responsible for seven per cent of cyber-attacks (largely financially motivated).

At the top of the list was China with 30 per cent of all cyber-attacks, the vast majority of them, however, motivated by espionage. In total, 96 per cent of espionage cases were attributed to threat actors in China and the remaining four per cent were unknown, the report said.

“This may mean that other threat groups perform their activities with greater stealth and subterfuge. But it could also mean that China is, in fact, the most active source of national and industrial espionage in the world today,” according to the report.

Attacks originating in the US accounted for 18 per cent (third most) and cyber-attacks from Russia stood at five per cent of the total (fifth most). The list also includes the Netherlands, Armenia, Germany, Colombia and Brazil, each of them accounting for roughly one per cent of the total number of data breaches examined by the report.

Organised crime actors, operating mainly in Eastern Europe and North America, targeted the finance, retail and food industries, using physical tampering, hacking and malware distribution. They targeted primarily ATMs, point-of-sale (POS) controllers and terminals, databases and desktops to gain access to payment card data, credentials and bank account information.

The other two types of threat actors were state-affiliated ones – operating mainly in East Asia, who targeted system information data, credentials and trade secrets in the manufacturing, transportation and professional industries – and activists, based mainly in Western Europe and North America, who went after information and public industries to get personal information, internal organisation data and credentials.

“Contrary to popular belief, 86 per cent of attacks do not involve employees or other insiders at all. Of the 14 per cent of attacks that do, it’s often lax internal practices that make gaining access easier than you would expect,” the report said.

Most insider breaches were deliberate and malicious in nature, and the majority arose from financial motives, but also included instances of “inappropriate behavior such as ‘bringing work home’ via personal e-mail accounts or sneakernetting data out on a USB drive against policy.”




The Sofia Globe staff
