Cyberattacks supported by nation states increased in the last year, reports Microsoft

Cyberattacks have become one of the main threats faced by governments around the world, and according to a recent Microsoft report, those backed by certain nation states have increased significantly.

According to Microsoft’s annual Digital Defense report, over the past year nation-state cyberattacks targeting critical infrastructure have increased from 20% to 40%. The technology company attributes this rise largely to Russia’s goal of damaging Ukrainian infrastructure and to cyberespionage directed at Ukraine’s allies, including the United States.

Russia has also stepped up its attempts to compromise IT companies in order to disrupt, or obtain intelligence from, those companies’ government clients in NATO member countries. 90% of Russian cyberattacks detected by Microsoft last year targeted NATO member states; 48% targeted IT companies based in NATO member countries.

Iran and North Korea also carried out various cyberattack campaigns.

Russia was not the only country to launch aggressive political and physical actions through cyberattacks.

The report reveals that Iranian cybercriminals escalated their attacks after the transition of presidential power. Specifically, they launched various destructive cyberattacks against Israel, as well as ransomware and hack-and-leak operations against the United States and the European Union, including US critical infrastructure such as port authorities.

Microsoft detected an attack disguised as ransomware intended to wipe Israeli data. In another, an Iranian cybercriminal executed an attack that triggered airstrike emergency sirens in Israel.

In the case of North Korea, one of its cybercriminals launched a series of attacks to steal technology from researchers and aerospace companies. Another North Korean cybercriminal gained access to global news outlets that write about the country and to various Christian groups. A third cybercriminal continued to try, unsuccessfully, to break into cryptocurrency companies to steal funds in support of his country's economy.

Cyberattacks originating from China drew particular attention

For its part, China has increased its cyber espionage and information theft attacks in a bid to exert more regional influence in Southeast Asia and counter growing interest from the United States, according to the report.

In February and March, a Chinese cybercriminal targeted 100 accounts affiliated with a prominent intergovernmental organization in Southeast Asia after it announced a meeting between the US government and regional leaders.

Just after China and the Solomon Islands signed a military agreement, Microsoft detected malware from a Chinese cybercriminal on Solomon Islands government systems. China has also used its cyber capabilities in campaigns targeting developing countries, including Namibia, Mauritius, and Trinidad and Tobago, among others.

The report adds that many of the cyberattacks originating from China are backed by the ability to find and compile “zero-day vulnerabilities”: unpatched holes in software that are not yet known to the security community.

China’s collection of these vulnerabilities appears to have expanded on the heels of a new law requiring entities in the country to report vulnerabilities they discover to the government before sharing them with others.

Cybercriminals continue to act as profit makers

The report adds that cybercrime is on the rise as the industrialization of the cybercrime economy lowers the skill barrier and provides greater access to tools and infrastructure.

In the last year alone, the estimated number of password attacks per second increased by 74%. Many of these were ransomware attacks, and ransom demands doubled. However, these attacks were not spread evenly across all regions.

In North America and Europe, Microsoft saw a decrease in the number of ransomware cases reported to its response teams compared to 2021; in contrast, reported cases in Latin America increased.

Microsoft also detected a steady annual increase in phishing emails. In fact, the war in Ukraine became the new bait for this threat, beginning in early March 2022.

Specifically, the report indicates that there was an increase in phishing emails posing as organizations requesting cryptocurrency donations in Bitcoin and Ethereum, supposedly to support Ukrainian citizens.

Good cyber hygiene practices remain the best defense against cyberattacks

This year’s report includes recommendations for both individuals and organizations to protect themselves against cyberattacks. These include enabling multifactor authentication, applying security patches, and implementing cybersecurity solutions from recognized vendors.

Microsoft adds that it is critical to detect cyberattacks as early as possible since, in many cases, the outcome of an attack is determined long before it starts. Attackers use vulnerable environments to gain initial access, conduct surveillance, and wreak havoc through lateral movement and encryption or exfiltration.

Lastly, the tech company says the human element cannot be ignored, as there is a shortage of cybersecurity professionals—both in the private and public sectors—and organizations need to embed security as part of their culture.

Rachel Maga
Rachel Maga is a technology journalist currently working at Globe Live Media agency. She has been in the Technology Journalism field for over 5 years now. Her life's biggest milestone is the inside tour of Tesla Industries, which was gifted to her by the legend Elon Musk himself.