Nation-state cyberattacks targeting critical infrastructure are rising as countries continue to leverage technology to carry out advanced cyberattacks in addition to physical warfare, according to Microsoft’s latest Digital Defense Report.
Much of the report focuses on the ongoing Russian war against Ukraine—which Microsoft attributes as a main cause of a spike in cyberattacks targeting critical infrastructure—while other sections touch on ransomware, devices and infrastructure, cyber influence campaigns, and protections.
The nation-state threat landscape
According to the Redmond, Wash.-based tech giant, cyberattacks targeting critical infrastructure jumped from comprising 20% of all nation-state attacks to 40%, due in large part to Russia targeting Ukraine’s infrastructure and its espionage of Ukraine’s allies.
In addition, Microsoft says nation states such as Russia are also accelerating attempts to compromise IT firms to disrupt or gain intelligence from those firms’ government customers in NATO member countries.
According to Microsoft, 90% of Russia’s attacks over the past year targeted NATO member states, and 48% of these attacks targeted IT providers based in those countries.
The trend represents a new strategy on the geopolitical stage in which cyberattacks are carried out before or in conjunction with physical attacks. Microsoft says Russian cyber actors carried out destructive cyberattacks against its neighbor’s government, tech and financial sectors before launching a physical military campaign.
However, other U.S. adversaries are also engaging in similar behavior, such as Iran, North Korea and China, all of which Microsoft says have carried out cyberattacks designed to benefit the respective countries.
Cybercrime sophistication continues to grow
While nation-state attacks get most of the attention as they are national security threats, profit-fueled cyberattacks are also on the rise, as the cybercrime economy continues to lower the skill barrier to entry.
According to Microsoft, the number of estimated password attacks per second increased in the last year by 74%, with many leading to ransomware attacks that demand higher and higher ransoms. The company says the average ransom demands have more than doubled.
The cybersecurity industry is improving and is blocking many attacks, but cybercriminals are also adapting their techniques and increasing the complexity of how and where they host campaign operation infrastructure, according to the report.
Human-operated ransomware is becoming particularly alarming, as one-third of targets are successfully compromised by criminals using these attacks, and 5% of those are ransomed.
The Internet of Threats (IoT)
Microsoft’s report also touches on threats posed to the growing list of internet-facing devices and the Internet of Things (IoT), which are becoming a favorite target of hackers due to the lack of built-in security controls.
According to the report, attacks against remote management devices have increased steadily since June 2021, and web attacks against IoT and operational technology (OT) devices have largely ebbed and flowed over the last year, with a large spike in September 2021.
In the past year, Microsoft says it observed attacks against common IoT protocols—such as Telnet—drop significantly, in some cases as much as 60 percent. At the same time, botnets were repurposed by cybercrime groups and nation-state actors. The report says the persistence of malware, such as Mirai, highlights the modularity of these attacks and the adaptability of existing threats.
According to Microsoft’s Digital Defense Report, Mirai—which has been redesigned several times to adapt to different architectures—has evolved to infect a wide range of IoT devices including internet protocol cameras, security camera digital video recorders, and routers. The attack vector bypassed legacy security controls and poses a risk for endpoints within the network by exploiting additional vulnerabilities and moving laterally.
Cyber resilience
Microsoft calls on organizations to adopt good cybersecurity practices and hygiene, and many of its recommendations are already established best practices. For example, Microsoft urges customers to pay attention to the basics, such as multi-factor authentication, patching, and deploying modern security solutions.
The company says 80% of security incidents can be traced to “a few missing elements” that could be addressed through modern security approaches, and 90% of compromised accounts were not protected with strong authentication. This comes as Microsoft says it is defending against 900 password attacks per second.
In addition, Microsoft says organizations should apply Zero Trust security principles.
In a blog, Tom Burt, corporate vice president of customer security and trust at Microsoft, says the average enterprise has 3,500 connected devices that are not protected, and organizations are struggling to detect attacks in time.
“Finally, as this year’s report explores, we can’t ignore the human aspect,” Burt writes. “We have a shortage of security professionals – a problem that needs to be addressed by the private sector and governments alike – and organizations need to make security a part of their culture.”