{"id":129469,"date":"2022-11-04T13:29:23","date_gmt":"2022-11-04T13:29:23","guid":{"rendered":"https:\/\/news.microsoft.com\/?p=447586"},"modified":"2022-11-04T13:29:23","modified_gmt":"2022-11-04T13:29:23","slug":"nation-state-cyberattacks-become-more-brazen-as-authoritarian-leaders-ramp-up-aggression","status":"publish","type":"post","link":"https:\/\/sickgaming.net\/blog\/2022\/11\/04\/nation-state-cyberattacks-become-more-brazen-as-authoritarian-leaders-ramp-up-aggression\/","title":{"rendered":"Nation-state cyberattacks become more brazen as authoritarian leaders ramp up aggression"},"content":{"rendered":"<p>On February 23, 2022, the cybersecurity world entered a new age, the age of the hybrid war, as Russia launched both physical and digital attacks against Ukraine. This year\u2019s <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/microsoft-digital-defense-report-2022\">Microsoft Digital Defense Report<\/a> provides new detail on these attacks and on increasing cyber aggression coming from authoritarian leaders around the world.<\/p>\n<p>During the past year, cyberattacks targeting critical infrastructure jumped from comprising 20% of all nation-state attacks Microsoft detected to 40%. This spike was due, in large part, to Russia\u2019s goal of damaging Ukrainian infrastructure, and aggressive espionage targeting of Ukraine\u2019s allies, including the United States. Russia also accelerated its attempts to compromise IT firms as a way to disrupt or gain intelligence from those firms\u2019 government agency customers in NATO member countries. 
90% of Russian attacks we detected over the past year targeted NATO member states, and 48% of these attacks targeted IT firms based in NATO countries.<\/p>\n<p><a href=\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2022\/11\/nation-state-cyberattacks-become-more-brazen-as-authoritarian-leaders-ramp-up-aggression.png\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-65432 size-full\" src=\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2022\/11\/nation-state-cyberattacks-become-more-brazen-as-authoritarian-leaders-ramp-up-aggression.png\" alt=\"Critical infrastructure trends graph\" width=\"1950\" height=\"1029\"><\/a><\/p>\n<p>Russia was not alone in pairing political and physical aggression with cyberattacks.<\/p>\n<ul>\n<li>Iranian actors escalated bold attacks following a transition of presidential power. They launched destructive attacks targeting Israel, and ransomware and hack-and-leak operations beyond regional adversaries to U.S. and EU victims, including U.S. critical infrastructure targets like port authorities. In at least one case, Microsoft detected an attack disguised as a ransomware attack that was intended to erase Israeli data. In another, an Iranian actor executed an attack that set off emergency rocket sirens in Israel.<\/li>\n<\/ul>\n<ul>\n<li>As North Korea embarked on its most aggressive period of missile testing in the first half of 2022, one of its actors launched a series of attacks to steal technology from aerospace companies and researchers around the world. Another North Korean actor worked to gain access to global news organizations that report on the country, and to Christian groups. 
And yet a third actor continued attempts, often without success, to break into cryptocurrency firms to steal funds in support of the country\u2019s struggling economy.<\/li>\n<\/ul>\n<ul>\n<li>China increased its espionage and information stealing cyberattacks as it attempted to exert more regional influence in Southeast Asia and counter growing interest from the U.S. In February and March, one Chinese actor targeted 100 accounts affiliated with a prominent intergovernmental organization in Southeast Asia just as the organization announced a meeting between the U.S. government and regional leaders. Just after China and the Solomon Islands signed a military agreement, Microsoft detected malware from a Chinese actor on the systems of the Solomon Islands government. China also used its cyber capabilities in campaigns targeting nations across the global south, including Namibia, Mauritius, and Trinidad and Tobago, among others.<\/li>\n<\/ul>\n<p>Many of the attacks coming from China are powered by its ability to find and compile \u201czero-day vulnerabilities\u201d \u2013 unique unpatched holes in software not previously known to the security community. China\u2019s collection of these vulnerabilities appears to have increased on the heels of a new law requiring entities in China to report vulnerabilities they discover to the government before sharing them with others.<\/p>\n<p>While it\u2019s tempting to focus on nation-state attacks as the most interesting cyberactivity from the past year, it would be a mistake to overlook other threats, particularly cybercrime, which impacts more users in the digital ecosystem than nation-state activity.<\/p>\n<p><strong>Cybercriminals continue to act as sophisticated profit enterprises<\/strong><\/p>\n<p>Cybercrime continues to rise as the industrialization of the cybercrime economy lowers the skill barrier to entry by providing greater access to tools and infrastructure. 
In the last year alone, the number of estimated password attacks per second increased by 74%. Many of these attacks fueled ransomware attacks, leading to ransom demands that more than doubled. However, these attacks were not spread evenly across all regions. In North America and Europe, we observed a drop in the overall number of ransomware cases reported to our response teams compared to 2021. At the same time, cases reported in Latin America increased. We also observed a steady year-over-year increase in phishing emails. While Covid-19 themes were less prevalent than in 2020, the war in Ukraine became a new phishing lure starting in early March 2022. Microsoft researchers observed a staggering increase of emails impersonating legitimate organizations soliciting cryptocurrency donations in Bitcoin and Ethereum, allegedly to support Ukrainian citizens.<\/p>\n<p><strong>Foreign actors are using highly effective techniques \u2013 often mirroring cyberattacks \u2013 to enable propaganda influence to erode trust and impact public opinion \u2013 domestically and internationally<\/strong><\/p>\n<p>Influence operations is a new section to our report this year as a result of our new investments in analysis and data science addressing this threat. We observed how Russia has worked hard to convince its citizens, and the citizens of many other countries, that its invasion of Ukraine was justified \u2013 while also sowing propaganda to discredit Covid-19 vaccines in the West while promoting their effectiveness at home. We also observed an increasing overlap between these operations and cyberattacks. 
In particular, influence operations use a familiar three-step approach:<\/p>\n<ol>\n<li>Cyber influence operations pre-position false narratives in the public domain just as attackers pre-position malware within an organization\u2019s computer network.<\/li>\n<li>A coordinated campaign is launched \u2013 often at the time most beneficial to achieve the goals of the actor \u2013 to propagate narratives through government-backed and influenced media outlets and social media channels.<\/li>\n<li>Nation state-controlled media and proxies amplify narratives inside targeted audiences.<\/li>\n<\/ol>\n<p><a href=\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2022\/11\/nation-state-cyberattacks-become-more-brazen-as-authoritarian-leaders-ramp-up-aggression-1.png\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-65434 size-full\" src=\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2022\/11\/nation-state-cyberattacks-become-more-brazen-as-authoritarian-leaders-ramp-up-aggression-1.png\" alt=\"Pre-position, launch and amplification of cyber influence operations\" width=\"1851\" height=\"576\"><\/a><\/p>\n<p>This three-step approach was applied in late 2021, for example, to support the Russian false narrative around purported bioweapons and biolabs in Ukraine. In addition to Russia, we have observed other nations, including China and Iran, deploying propaganda operations to extend their global influence on a range of issues.<\/p>\n<p><strong>Good cyber hygiene practices remain the best defense while the cloud provides the best physical and logical security against cyberattacks<\/strong><\/p>\n<p>This year\u2019s report includes even more recommendations for how people and organizations can protect themselves from attacks. 
The biggest thing people can do is pay attention to the basics \u2013 enabling multi-factor authentication, applying security patches, being intentional about who has privileged access to systems, and deploying modern security solutions from any leading provider. The average enterprise has 3,500 connected devices that are not protected by basic endpoint protections, and attackers take advantage. It\u2019s also critical to detect attacks early. In many cases, the outcome of a cyberattack is determined long before the attack begins. Attackers use vulnerable environments to gain initial access, conduct surveillance and wreak havoc by lateral movement and encryption or exfiltration. Finally, as this year\u2019s report explores, we can\u2019t ignore the human aspect. We have a shortage of security professionals \u2013 a problem that needs to be addressed by the private sector and governments alike \u2013 and organizations need to make security a part of their culture.<\/p>\n<p class=\"tag-list\">Tags: <a aria-label=\"See more stories about COVID-19\" href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/tag\/covid-19\/\" rel=\"tag\">COVID-19<\/a>, <a aria-label=\"See more stories about cyberattacks\" href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/tag\/cyberattacks\/\" rel=\"tag\">cyberattacks<\/a>, <a aria-label=\"See more stories about cybersecurity\" href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/tag\/cybersecurity-2\/\" rel=\"tag\">cybersecurity<\/a>, <a aria-label=\"See more stories about Microsoft Cloud\" href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/tag\/microsoft-cloud\/\" rel=\"tag\">Microsoft Cloud<\/a>, <a aria-label=\"See more stories about Microsoft Digital Defense Report\" href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/tag\/microsoft-digital-defense-report\/\" rel=\"tag\">Microsoft Digital Defense Report<\/a>, <a aria-label=\"See more stories about Ukraine\" href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/tag\/ukraine\/\" 
rel=\"tag\">Ukraine<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On February 23, 2022, the cybersecurity world entered a new age, the age of the hybrid war, as Russia launched both physical and digital attacks against Ukraine. This year\u2019s Microsoft Digital Defense Report provides new detail on these attacks and on increasing cyber aggression coming from authoritarian leaders around the world. During the past year, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":129470,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[152,50],"class_list":["post-129469","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-news","tag-microsoft-on-the-issues","tag-recent-news"],"_links":{"self":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/129469","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/comments?post=129469"}],"version-history":[{"count":0,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/129469\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media\/129470"}],"wp:attachment":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media?parent=129469"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/categories?post=129469"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/tags?post=129469"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true
}]}}