Cyberattacks from Russian nation-state actors are increasingly effective, jumping from a 21% successful compromise rate last year to a 32% rate this year.
This is one of the insights in the second annual Microsoft Digital Defense Report, which covers the period from July 2020 to June 2021. The findings of the report cover trends across nation-state activity, cybercrime, supply chain security, hybrid work and disinformation.
Nation-State Activity
During the past year, 58% of all cyberattacks observed by Microsoft from nation-states have come from Russia. Russian nation-state actors are increasingly targeting government agencies for intelligence gathering: these agencies jumped from 3% of their targets a year ago to 53%, largely agencies involved in foreign policy, national security or defense.
The top three countries targeted by Russian nation-state actors were the United States, the UK and Ukraine.
After Russia, the largest volume of attacks observed came from North Korea, Iran and China. South Korea, Turkey (a new entrant to our reporting) and Vietnam were also active but represent much less volume.
While espionage is the most common goal for nation-state attacks, some attacker activities reveal other goals, including:
- Iran, which quadrupled its targeting of Israel in the past year and launched destructive attacks amid heightened tensions between the two countries
- North Korea, which targeted cryptocurrency companies for profit as its economy was decimated by sanctions and Covid-19

Of the attacks Microsoft observed across nation-state actors, 21% targeted consumers and 79% targeted enterprises, with the most targeted sectors being government (48%), NGOs and think tanks (31%), education (3%), intergovernmental organizations (3%), IT (2%), energy (1%) and media (1%).
Cybercrime
Cybercrime – especially ransomware – remains a serious and growing plague as evidenced in this year’s Microsoft Digital Defense Report.
But while nation-state actors mostly target victims with useful information, cybercriminals target victims with money. As a result, the targets often have a different profile.
Cybercrime attacks on critical infrastructure – such as the ransomware attack on Colonial Pipeline – often steal the headlines. However, the top five industries targeted in the past year based on ransomware engagements by our Detection and Response Team (DART) are consumer retail (13%), financial services (12%), manufacturing (12%), government (11%) and health care (9%).
The United States is by far the most targeted country, receiving more than triple the ransomware attacks of the next most targeted nation. The U.S. is followed by China, Japan, Germany and the United Arab Emirates.
Ransomware continues to be one of the largest cybercrime threats and, in the past year, it has continued to evolve to become more disruptive. Rather than focus on automated attacks that rely on volume and easily paid low demands to generate profit, human-operated ransomware uses intelligence gleaned from online sources, stealing and studying a victim’s financial and insurance documents and investigating compromised networks to select targets and set much higher ransom demands.
Fighting back in a hybrid work environment
As online threats increase in volume, sophistication and impact, we must all take steps to strengthen the first line of defense. Practicing fundamental cybersecurity hygiene is a basic step we all must take.
One of the steps is to use strong authentication features like multifactor authentication, or MFA.
“In fact, if organizations just applied MFA, used anti-malware and kept their systems updated, they would be protected from over 99% of the attacks we see today,” says the report.
Of course, technology companies like Microsoft have an important role to play in developing secure software, developing advanced cybersecurity products and services for those customers that want to deploy them, and detecting and stopping threats.
“But organizations taking basic steps to protect themselves will go further than the most sophisticated steps tech companies and governments might take to protect them. The good news is that, in the past 18 months, we’ve seen a 220% increase in strong authentication usage as companies have thought about increasing their security posture in a remote work environment. The bad news is that we still have a long way to go. Part of the solution needs to be skilling up more cybersecurity professionals who can help organizations of all kinds stay secure, and we’ll have more to share on our work in this area in the coming weeks,” says the report.
There are three trends that give us hope.
Governments around the world are introducing and passing new laws requiring things like mandatory reporting when organizations discover cyberattacks, so that appropriate government agencies have a sense of the scope of the problem and can investigate incidents using their resources.
Both governments and companies are voluntarily coming forward when they’re the victims of attacks. This transparency helps everyone better understand the problem and enables increased engagement from government and first responders.
The U.S. government has taken unprecedented steps to address cybersecurity using laws and authority already on the books. The Executive Order announced in May has gone a long way to make the U.S. federal government and those it works with more secure, and the White House’s leadership in partnering with the private sector in the midst of the Exchange Server attacks by HAFNIUM earlier this year set a new standard for incident-related collaboration.
The trends are clear: nation-states are increasingly using, and will continue to use, cyberattacks for whatever their political objectives are, whether those are espionage, disruption or destruction. We anticipate more countries will join the list of those engaging in offensive cyber operations, and that those operations will become more brazen, persistent and damaging unless there are more serious consequences, says the study.
And the cybercrime market will continue to become more sophisticated and more specialized unless we all evolve our work to stop them. More work than ever is underway to counteract these concerns, but we will need to ensure they remain on the top of national and international agendas in the coming years, says the Microsoft report.