Nation-state cyberattacks become more brazen as authoritarian leaders ramp up aggression – Microsoft On the Issues – Microsoft


Tom Burt – Corporate Vice President, Customer Security & Trust
On February 23, 2022, the cybersecurity world entered a new age, the age of the hybrid war, as Russia launched both physical and digital attacks against Ukraine. This year’s Microsoft Digital Defense Report provides new detail on these attacks and on increasing cyber aggression coming from authoritarian leaders around the world.
During the past year, cyberattacks targeting critical infrastructure jumped from comprising 20% of all nation-state attacks Microsoft detected to 40%. This spike was due, in large part, to Russia’s goal of damaging Ukrainian infrastructure, and aggressive espionage targeting of Ukraine’s allies, including the United States. Russia also accelerated its attempts to compromise IT firms as a way to disrupt or gain intelligence from those firms’ government agency customers in NATO member countries. 90% of Russian attacks we detected over the past year targeted NATO member states, and 48% of these attacks targeted IT firms based in NATO countries.
[Figure: Critical infrastructure trends graph]
Russia was not alone in pairing political and physical aggression with cyberattacks.
Many of the attacks coming from China are powered by its ability to find and compile “zero-day vulnerabilities” – unique unpatched holes in software not previously known to the security community. China’s collection of these vulnerabilities appears to have increased on the heels of a new law requiring entities in China to report vulnerabilities they discover to the government before sharing them with others.
While it’s tempting to focus on nation-state attacks as the most interesting cyberactivity from the past year, it would be a mistake to overlook other threats, particularly cybercrime, which impacts more users in the digital ecosystem than nation-state activity.
Cybercriminals continue to act as sophisticated profit enterprises
Cybercrime continues to rise as the industrialization of the cybercrime economy lowers the skill barrier to entry by providing greater access to tools and infrastructure. In the last year alone, the number of estimated password attacks per second increased by 74%. Many of these attacks fueled ransomware attacks, leading to ransom demands that more than doubled. However, these attacks were not spread evenly across all regions. In North America and Europe, we observed a drop in the overall number of ransomware cases reported to our response teams compared to 2021. At the same time, cases reported in Latin America increased. We also observed a steady year-over-year increase in phishing emails. While Covid-19 themes were less prevalent than in 2020, the war in Ukraine became a new phishing lure starting in early March 2022. Microsoft researchers observed a staggering increase of emails impersonating legitimate organizations soliciting cryptocurrency donations in Bitcoin and Ethereum, allegedly to support Ukrainian citizens.
Foreign actors are using highly effective techniques – often mirroring cyberattacks – to enable propaganda influence to erode trust and impact public opinion – domestically and internationally
Influence operations is a new section to our report this year as a result of our new investments in analysis and data science addressing this threat. We observed how Russia has worked hard to convince its citizens, and the citizens of many other countries, that its invasion of Ukraine was justified – while also sowing propaganda to discredit Covid-19 vaccines in the West while promoting their effectiveness at home. We also observed an increasing overlap between these operations and cyberattacks. In particular, influence operations use a familiar three-step approach:
[Figure: Pre-position, launch and amplification of cyber influence operations]
This three-step approach was applied in late 2021, for example, to support the Russian false narrative around purported bioweapons and biolabs in Ukraine. In addition to Russia, we have observed other nations, including China and Iran, deploying propaganda operations to extend their global influence on a range of issues.
Good cyber hygiene practices remain the best defense while the cloud provides the best physical and logical security against cyberattacks
This year’s report includes even more recommendations for how people and organizations can protect themselves from attacks. The biggest thing people can do is pay attention to the basics – enabling multi-factor authentication, applying security patches, being intentional about who has privileged access to systems, and deploying modern security solutions from any leading provider. The average enterprise has 3,500 connected devices that are not protected by basic endpoint protections, and attackers take advantage. It’s also critical to detect attacks early. In many cases, the outcome of a cyberattack is determined long before the attack begins. Attackers use vulnerable environments to gain initial access, conduct surveillance and wreak havoc by lateral movement and encryption or exfiltration. Finally, as this year’s report explores, we can’t ignore the human aspect. We have a shortage of security professionals – a problem that needs to be addressed by the private sector and governments alike – and organizations need to make security a part of their culture.