Microsoft Releases New Report on Cybercrime, State-Sponsored Cyber Operations

Cyber Security Threat Summary:
According to Microsoft’s latest Digital Defense Report, Ukraine, the United States, and Israel were the most targeted countries based on state-sponsored threat activity observed by the tech giant against organizations in more than 120 countries. Based on intel gathered between July 2022 and June 2023, the majority of cyber attacks observed were fueled by nation-state spying and influence operations, with 40% of all observed attacks targeting critical infrastructure organizations. Although most cyberattacks launched last year were focused on destruction or financial gain with ransomware, Microsoft notes that threat actors are now more focused on conducting cyber espionage and spreading propaganda to meet geopolitical agendas. Some examples of this activity highlighted by Microsoft include:

  • Russian intelligence agencies have refocused their cyberattacks on espionage activity in support of their war against Ukraine while continuing destructive cyberattacks in Ukraine and broader espionage efforts
  • Iranian efforts, once focused on taking down the networks of their targets, are also inclined today to amplify manipulative messages to further geopolitical goals or tap into data flowing through sensitive networks
  • China has expanded its use of spying campaigns to gain intelligence to fuel its Belt and Road Initiative or regional politics, to spy on the U.S. including key facilities for the U.S. military, and to establish access to the networks of critical infrastructure entities
  • North Korean actors have been trying to covertly steal secrets; they’ve targeted a company involved in submarine technology, while separately using cyberattacks to steal hundreds of millions in cryptocurrency

Taking a look at the broader threat landscape, Microsoft has observed a 200% increase in human-operated ransomware attacks since September 2022. “These attacks are generally a ‘hands-on keyboard’ type of attack rather than an automated one, typically targeting a whole organization with customized ransom demands,” noted the tech giant. A notable aspect of these attacks is that ransomware actors are resorting to remote encryption as a way to minimize their footprint.

Microsoft states that Artificial Intelligence (AI) is now playing a major role in the cyber threat landscape. Although AI is being leveraged by organizations to automate and augment aspects of cybersecurity such as threat detection, analysis, and response, threat actors are also using the technology for malicious purposes, including refining phishing messages, which are becoming harder to detect than before.

Security Officer Comments:
Ever since Russia’s invasion of Ukraine, nation-state activity has surged, with Ukraine being the target of 50% of all attacks launched by Russia in the first six weeks of the war. Allies of Ukraine have suffered the same predicament, with Microsoft observing a spike in activity against Western organizations, 46% of which were in NATO member states. Over the weekend, Hamas, a Palestinian militant group, launched a barrage of missile strikes targeting Israel, leaving thousands of bystanders injured. With Israel now declaring war against the Hamas group, we could see a further increase in cyberattacks, especially those targeting the United States, which is a key ally of Israel.

Suggested Correction(s):
In light of the escalating threat posed by cybercrime and nation-state activities, it is imperative for organizations to remain vigilant and prioritize enhancing organizational security. By doing so, organizations can defend against potential cyberattacks, safeguarding sensitive data and ensuring the integrity of their operations. According to Microsoft, 80% of all compromises originated from unmanaged or bring-your-own devices. As such, organizations should work towards refining their BYOD policies, reminding employees of the risks of using personal devices for work-related tasks. Microsoft also notes that ransomware actors are increasingly exploiting vulnerabilities in less common software, highlighting the importance of applying security updates promptly, as soon as they are readily available.