Microsoft uncovered sophisticated phishing attacks targeting thousands of accounts belonging to government personnel and human rights organizations last week, attributing the malicious activity to Nobelium. The hacking group has been previously linked to the Russian foreign intelligence agency SVR and the recent SolarWinds attacks.
Now, Microsoft has proposed what needs to be done in order to prevent cyberattacks of this magnitude in the future.
A blog post penned by Microsoft Corporate Vice President, Customer Security and Trust Tom Burt states that the company has been monitoring the situation closely and that antivirus software, coupled with solutions like Microsoft Defender for Office 365, is detecting and protecting against malware. This is why a large number of organizations have not been compromised despite being targeted.
An important point that Burt raised is the need to differentiate between "espionage as usual activities" like the Nobelium attack from last week and crippling cyberattacks like SolarWinds and Colonial Pipeline. As such, there also needs to be a clearer distinction in how to respond to such activities. The executive went on to say that:
[...] We must work to deter damaging attacks. Again, this Administration has already taken important steps. It attributed SolarWinds to the Russian SVR intelligence agency more rapidly than the U.S. has ever previously publicly attributed a cyberattack to a foreign nation. It also imposed sanctions for that and other actions – a step essential to deterrence. Yes, more will need to be done. Clearer rules for nation-state conduct need to be defined and agreed to by the international community, and clear and expected sanctions should be communicated for violation of those rules. For example, what exactly is the “espionage as usual” that should be tolerated, and when is this line crossed? Progress is being made through the Paris Call for Trust and Security in Cyberspace, established in 2018, which we hope the U.S. will now join. Recent United Nations processes are also resulting in consensus reports that will further the international effort to define these rules, and the Oxford Process has convened the world’s leading international law experts to define how international law applies to cyberspace. These are all encouraging steps.
Lastly, the Redmond tech giant emphasized the importance of transitioning to the cloud, where providers are working actively to follow the latest cybersecurity standards and managed tooling. It also encouraged everyone to enable two-factor authentication when using digital services, as the bare minimum. Burt praised the U.S. government's Cybersecurity Executive Order, which highlights the need for the public and private sectors to collaborate and strengthen the cybersecurity infrastructure of not only government tooling, but also the ecosystem in general. The executive called the U.S. government's recent commitment to cybersecurity "unprecedented" and indicated that the collaboration should continue.