Russia is the source of the mammoth nation-state cyberattacks Microsoft has observed in the past year (58%), followed by North Korea (23%), Iran (11%), China (8%), and South Korea, Vietnam, and Turkey all with less than 1%, a new data reveals.
Microsoft Digital Defense Report pulls from a wealth of data to highlight trends in nation-state threats, cybercriminal activity, hybrid workforce security, disinformation and Internet of Things (IoT), operational technology (OT), and supply chain security.
The data shows Russian nation-state attacks are “increasingly effective,” climbing from a 21% successful compromise rate last year to a 32% rate this year. They are also targeting more government agencies for intelligence gathering, a target that jumped from 3% of their victims last year to 53% in 2021. Russian nation-state actors primarily target the United States, Ukraine, and the United Kingdom, Microsoft data shows.
Nearly 80% of nation-state activity targeted enterprises; 21% targeted consumers. The most targeted sectors were government (48%), NGOs and think tanks (31%), education (3%), intergovernmental organizations (3%), IT (2%), energy (1%), and media (1%). Microsoft has alerted customers of nation-state attack attempts 20,500 times in the past three years.
The tools nation-state attackers use are often the same other criminals use to breach target networks. Nation-states may “create or leverage bespoke malware, construct novel password spray infrastructure, or craft unique phishing or social engineering campaigns,”.China-linked Gadolinium, increasingly turn to open source tools or commonly used malware to target supply chains or launch MITM or DDoS attacks.
Microsoft has seen two positive trends: First, companies and governments are more forthcoming in the aftermath of an attack, which has emphasized the threat to governments around the world. Second, as more governments around the world recognize cybercrime as a threat to national security, they have made fighting it a priority. More governments are passing new laws that focus on reporting, collaborating, and sharing resources to fight attacks.
These attack trends are unfolding as businesses navigate the future of hybrid and remote work after a rapid shift to WFH, which created new attack surfaces for criminals, and a year of major security incidents, including attacks on SolarWinds and Colonial Pipeline, as well as those targeting on-premises Exchange Server vulnerabilities.
The focus for security teams looking toward a hybrid future is network access control,Azure Firewall signals reveal 2 trillion flows blocked in the past year, including malicious flows detected by threat intelligence engines and unwanted traffic blocked by firewall rules. Web application firewalls (WAFs) in the past year have had more than 25 billion rules triggered on a weekly basis, with 4% to 5% of incoming traffic on average deemed malicious.
Many of these attacks can be mitigated with the security basics: patching, keeping systems up-to-date, principle of least privilege, and MFA, he added.