On 23 February 2022, the world of cybersecurity entered a new era, the era of hybrid warfare, as Russia launched both physical and digital attacks against Ukraine.
We’re sharing with you the findings of this year’s Microsoft Digital Defence Report, which provides new details on these attacks and the rise of cyber aggression by authoritarian leaders around the world.
Over the past year, the share of nation-state attacks detected by Microsoft that targeted critical infrastructure jumped from 20% to 40%. This spike was largely attributable to Russia's goal of damaging Ukrainian infrastructure and its aggressive espionage targeting of Ukraine's allies, including the United States. Russia has also accelerated its attempts to compromise IT companies as a way to disrupt or gain intelligence from those firms' government-agency customers in NATO member states. 90% of Russian attacks detected last year targeted NATO member states, and 48% of these attacks targeted IT companies located in NATO countries.
Russia was not the only country to combine political and physical aggression with cyberattacks.
Iran stepped up bold attacks after the transition of presidential power. It launched destructive attacks targeting Israel, and expanded extortion, hacking and information-leak operations beyond regional adversaries to US and EU targets, including US critical infrastructure such as port authorities. In at least one case, Microsoft detected an attack disguised as ransomware that actually aimed to wipe Israeli data.
As North Korea began its most aggressive period of missile testing in the first half of 2022, one of its members launched a series of attacks to steal technology from aerospace companies and researchers around the world. Another North Korean organisation tried to gain access to global news organisations reporting on the situation in the country. And yet a third actor continued to try, often unsuccessfully, to infiltrate cryptocurrency firms to steal funds to support their country’s economy.
China has stepped up espionage and cyberattacks to steal information in an effort to increase its regional influence in Southeast Asia and counter growing US interest. In February and March, a Chinese actor attacked 100 accounts associated with a prominent intergovernmental organisation in Southeast Asia, just after a meeting between the US government and China's regional leaders was announced. Immediately after China and the Solomon Islands signed a military agreement, Microsoft discovered malware from a Chinese actor on Solomon Islands government systems. China has also used its cyber capabilities in campaigns targeting countries to the south, including Namibia, Mauritius and Trinidad and Tobago, among others.
Many attacks from China are driven by its ability to find and compile "zero-day vulnerabilities" – unpatched holes in software that were previously unknown to the security community. The number of these vulnerabilities originating in China appears to have increased following the passage of a new law requiring organisations in China to report vulnerabilities they discover to the government before sharing them with others.
This year’s report includes even more recommendations on how individuals and organisations can protect themselves from attacks.
The biggest thing people can do is pay attention to the basics – enabling multi-factor authentication, applying security patches, clearly defining who has privileged access to systems, and deploying up-to-date security solutions from any leading vendor.
The average enterprise has 3,500 connected devices that are not protected by basic endpoint security, and attackers are taking advantage of this. It is also important to detect attacks in a timely manner: in many cases, the outcome of a cyberattack is determined long before the attack is noticed. Attackers exploit vulnerable environments to gain initial access, conduct reconnaissance, and then wreak havoc through lateral movement followed by encryption or exfiltration.
Finally, as this year’s report explores, we cannot ignore the human aspect. We have a shortage of security professionals – a problem that both the private sector and governments need to address – and organisations need to make security part of their culture.