Britain and Germany were the most targeted countries by sophisticated cyberattacks across Europe, Middle East and Asia (EMEA) in the first half of 2014, according to a new report.
Nearly one in five (17 percent) of so-called advanced persistent threats (APT) were directed against Britain, while 12 percent were aimed at Germany, U.S.-listed security company FireEye revealed in a study. Saudi Arabia was also targeted with 10 percent of attacks.
APTs are complex attacks by hackers for which complicated techniques are used to sneak into a network and carry out prolonged information gathering attacks. They are often carried out by state-backed players or sophisticated criminals and have an element of human control, in contrast with some cyberattacks solely carried out by an automated piece of code.
Strong economies targeted
The report comes amid a growing number of attacks on major companies. U.S. investment bank JPMorgan was hit by a security breach that compromised the accounts of 76 million households and seven million small businesses. Retailer Kmart earlier this month said an undisclosed number of credit card numbers were stolen in a month-long breach.
The U.K. and Germany topped the list due to the fact that many international companies have headquarters there and their economies are appealing to hackers looking for financial gain, one expert said. "If I'm a criminal and I'm after revenue, I want to think what countries are doing well economically," Greg Day, FireEye's chief technology officer for EMEA, told CNBC by phone.
Day added that the U.K. and Germany's maturity in identifying attacks could also have put them at the top of the pile of targeted countries. The U.K. government classes cyberattacks as a "tier one" threat on par with terrorism. Britain's authorities have been putting in place measures to try and tackle the threat to critical infrastructure. GCHQ, the country's electronic spy agency, announced earlier this year it would share classified information with companies in an attempt to battle the threat of hackers.
The Bank of England also said it would carry out "cyber stress tests" on banks to see if they were vulnerable to attacks. Germany has also take steps to combat cyber threats. In August, the government proposed a law to force companies to report cyberattacks.
'Breadcrumb trail'
Government services were the biggest sector targeted by hackers, followed by financial services and telecoms. These three sectors combined accounted for over 50 percent of APT attacks. Day said tracing the country of the attack's origin was difficult due to the way criminals shifted information to different nations leading researchers to follow a "breadcrumb trail".
"One of the things we looked at was where the command and control goes to. That is not always the end answer but it is a starting point. The most prolific, U.K. and German attack communication was going back to the U.S.," Day said. "There is always the question if this means that the attack is from the U.S., or whether attacks are instigated from China and Russia but hackers are sending the data back to U.S. as an intentional misdirection."
