Nation-State Cyber Attacks Against Critical Infrastructure Doubled in the Past 12 Months | Spiceworks News and Insights
According to Microsoft’s Digital Defense Report 2022, nation-state threat activities from Russia, Iran, North Korea, and China have increased since the start of the Ukrainian conflict.
Cyberattacks perpetrated by nation-state groups surged significantly in the past year. According to the Microsoft Digital Defense Report 2022, the ongoing conflict in Ukraine was the turning point in nation-state activity against critical infrastructure and cyber avenues.
Microsoft assessed that the proportion of nation-state attacks, i.e., those with technological, financial or other support from a sovereign state, against critical infrastructure doubled from 20% to 40% between July 2021 and June 2022.
Redmond attributed the origin of a significant chunk of these attacks to Russia, which is trying to cripple Ukrainian capabilities to counter its advances. Consequently, as much as 64% of the Russian threat activity against known targets was directed at Ukraine-based organizations since the war commenced on February 23, 2022.
Government entities were the most targeted (27%), followed by infotech (10%), financial (8%), media (9%), energy (8%), transportation (7%), communication (7%), finance (5%), and others.
The report also outlines Russian efforts to gain the upper hand in the conflict by targeting Ukraine’s allies, including the U.S. and the U.K., in cyber espionage campaigns for valuable information. Additionally, Ukraine’s cyber resiliency efforts since February include migrating workloads and data to the cloud outside its territory.
“Before the invasion of Ukraine, governments thought that data needed to stay inside a country in order to be secure. After the invasion, migrating data to the cloud and moving outside territorial borders is now a part of resiliency planning and good governance,” said Cristin Flynn Goodwin, associate general counsel for customer security & trust at Microsoft.
Overall, 90% of Russian attacks targeted NATO member states, while 48% targeted IT firms based in NATO countries. The top-targeted countries and sectors in attacks originating from Russia were:
Top Targeted Countries and Sectors by Russian State-Sponsored Groups | Source: Microsoft
Besides attacks from Russian nation-state groups, Microsoft also noted an uptick in attacks from Iranian, North Korean and Chinese state-sponsored groups.
Iran’s cyber activities even led to diplomatic strife with Albania, which cut off ties with the Middle Eastern country. Iran also set off emergency rocket sirens in Israel, its all-weather foe, in an attack disguised as a ransomware incident, and carried out other ransomware and hack-and-leak operations against Jerusalem.
“Iranian actors escalated bold attacks following a transition of presidential power,” noted Tom Burt, Microsoft’s corporate vice president for customer security & trust. Overall, the U.S. was at the receiving end of most of the cyber attacks launched by Iranian state-sponsored groups.
“The hawkish views of the Raisi [Ibrahim Raisi replaced Hassan Rouhani as the Iranian president in 2021] administration appear to have raised the willingness of Iranian actors to take bolder action against Israel and the West, particularly the United States, despite the resumption of diplomatic engagement to revive the nuclear deal with Iran,” Microsoft stated.
Top Targeted Countries and Sectors by Iranian State-Sponsored Groups | Source: Microsoft
Meanwhile, multiple sectors have been the victims of the Kim Jong-un regime’s resolve to manage internal issues. In the last year, North Korean nation-state groups targeted aerospace companies for relevant defense tech, cryptocurrency exchanges (financial services) to bankroll the country’s economy, and news outlets, aid organizations, etc., to maintain domestic stability.
Top Targeted Countries and Sectors by North Korean State-Sponsored Groups | Source: Microsoft
Finally, China’s global military, trade and economic ambitions have led it to escalate cyber espionage and information-stealing efforts, particularly against Southeast Asian nations and other countries from the Global South, including those in the Pacific.
“Chinese state and state-affiliated threat groups increased targeting of smaller nations around the globe with a focus on Southeast Asia to gain competitive advantage on all fronts,” Microsoft said. However, the U.S. remained the most-targeted country by Chinese threat actors.
Top Targeted Countries and Sectors by Chinese State-Sponsored Groups | Source: Microsoft
“China is being more assertive with their stance on foreign policy. We assess cyber-enabled economic espionage and intelligence collection will likely continue,” Microsoft said.
Geopolitics spilling over into the cybersphere isn’t really a new phenomenon. However, the ever-increasing prevalence of cyberthreats against not just government entities but also private companies across multiple sectors and critical infrastructure (whether public or private), through rapid vulnerability exploitation, password/credential theft, supply chain compromise, or anything else, indicates a need for consistent upgrades to cyber resilience.
Microsoft has called for a global framework to keep reckless and often malicious cyber operations in check. The company said, “Nation-state actors and attacks are increasing in volume and sophistication, creating a situation that is untenable.”
“Immediate action is imperative,” the tech giant added. “Multilateral institutions must be reimagined to address the pressing challenge of nation state cyberattacks.”
Microsoft’s report doesn’t quantify or mention nation-state activity originating from the U.S.
Note: The 114-page Microsoft Digital Defense Report 2022 is based on its analysis of 43 trillion signals it synthesizes daily using data analytics and AI algorithms and contributions from over 8,500 security and threat intelligence experts across 77 countries. Besides Nation State Threats, the report covers the State of Cybercrime, Devices and Infrastructure, and Cyber Influence Operations observed between July 2021 and June 2022.
During the same period, Microsoft blocked 34.7 billion identity threats and 37 billion email threats, and suggested cyber resilience activities that organizations should undertake to keep threats at bay.
Asst. Editor, Spiceworks Ziff Davis