In brief: According to Microsoft, Russia is the source of most of the nation-state cyberattacks observed over the past year, followed by North Korea, Iran and China. In its latest Digital Defense Report, the company highlights trends in cybercrime that are growing in scope and sophistication from month to month.
Cyberattacks are on the rise, and Microsoft says Russian government-sponsored hackers are responsible for more campaigns than all other nations combined.
The company's Digital Defense Report this year draws from a large pool of data and focuses on a number of trends in the areas of cybercrime, supply chain security, hybrid work, disinformation and malicious activities by nation-state actors such as data breaches and ransomware attacks.
In the report, Tom Burt, corporate vice president of Customer Security and Trust at Microsoft, says no less than 58 percent of all cyberattacks the company observed between July 2020 and June 2021 came from Russia alone. In addition, attacks from this region are becoming more and more effective – almost one in three manages to endanger the security of the target organizations or population groups.
More than half of the attacks by Russian nation-state actors appear to be directed against government agencies and medical institutions for information gathering in the areas of foreign policy and national security. The countries most heavily attacked were the USA, Great Britain and Ukraine.
Almost all of the remaining volume of nation-state activity came from China, Iran and North Korea. China is widely blamed for the SolarWinds and Exchange Server attacks, but it also has some of the most talented white hat hackers in the world. Some Chinese actors like CHROMIUM have been observed targeting neighboring countries for insight into their investments, negotiations and economic resilience plans. Others like NICKEL have done the same with government agencies in Europe and Central and South America.
Iranian hacking groups worked with Russian hackers to undermine the US presidential election last year. Microsoft’s report notes that Iran has recently stepped up its cyberattacks on Israel amid heightened tensions between the two countries.
North Korea has a long history of attacking cryptocurrency exchanges and mining operations to raise funds for its weapons program. However, when the pandemic hit the country’s already fragile economy, North Korean hackers from the infamous LAZARUS group turned to scanning card details from online shoppers and social engineering campaigns aimed at security researchers.
Overall, almost 80 percent of nation-state activities were aimed at companies and government organizations. In the past three years, Microsoft has warned customers no fewer than 20,500 times that malicious actors are attempting to attack their systems. The Redmond company is just one of many companies in the broader security community, so its visibility is limited to a subset of all cyberattacks.
Ransomware attacks are also getting worse as the groups behind these campaigns have become bolder over the past year. Some of you may remember the attack on the Colonial Pipeline earlier this year, which sparked a strong government response. However, Microsoft notes that the top five sectors targeted by ransomware campaigns are consumer retail (13 percent), financial services (12 percent), government (11 percent), manufacturing (12 percent), and healthcare (nine percent).
Nor does it help that the “cybercrime-as-a-service” economy has quickly developed into a sprawling online marketplace where everyone – even the less tech-savvy among us – can buy ransomware kits for just $66. Then there are sellers of compromised user credentials for a variety of services or organizations, priced between $1 and $50 per set, and sometimes much more, depending on the perceived worth of the victim.
All of this is made possible by a diverse ecosystem of cryptocurrency escrow services that act as intermediaries between buyers and sellers. This has prompted the U.S. Department of Justice to form a new cryptocurrency enforcement team to deal with criminals who abuse digital tokens, which Microsoft says is a step in the right direction.
Another positive trend is that governments and businesses are moving closer together in reporting and dealing with cybersecurity incidents. Some countries are enacting new laws treating these incidents as a national security threat. A notable example is the Netherlands, which will use both intelligence and armed forces to respond to ransomware attacks – a decision that is likely to be mirrored in other countries in the coming years.
Finally, Microsoft addressed the challenges of developing better security for an increasingly hybrid workforce. Many companies are currently navigating the relatively unexplored waters of hybrid and remote work after being forced in that direction by the coronavirus pandemic. This has created a wider attack surface for cyber criminals, but the risks can be reduced by practicing basic cybersecurity hygiene.
One of the recommended steps is to have everyone in your organization use multi-factor authentication, which is one of the cheapest layers of security you can add. According to Microsoft, this alone can prevent 98 percent of the attacks we see today because someone who stole or bought credentials cannot effectively use them to breach your network.
The good news is that Microsoft has seen multi-factor authentication grow 220 percent at partner and customer companies. However, the company notes that we still have a long way to go before companies fully adopt stronger authentication methods.