Cybersecurity is a constantly evolving domain where organizations and vendors are racing to upgrade their software and hardware with the latest security updates while malicious actors attempt to circumvent them. Today, Microsoft has released its annual Digital Defense Report on the topic, covering the time period of July 2020 to June 2021.
The report contains many interesting findings including statistics that indicate that 58% of all cyberattacks detected by Microsoft and originated from nation-states came from Russia. The successful compromise rate from Russian nation-state actors also significantly increased from 21% in the past period to 32% this period. More importantly, government agencies were the targets in 53% of cases, compared to 3% in the previous period. These agencies primarily belong to the U.S., Ukraine, and the UK.
Other findings from the report include:
- After Russia, the largest volume of attacks we observed came from North Korea, Iran and China; South Korea, Turkey (a new entrant to our reporting) and Vietnam were also active but represent much less volume.
- While espionage is the most common goal for nation-state attacks, some attacker activities reveal other goals, including:
- Iran, which quadrupled its targeting of Israel in the past year and launched destructive attacks among heightened tensions between the two countries
- North Korea, which targeted cryptocurrency companies for profit as its economy was decimated by sanctions and Covid-19
- 21% of attacks we observed across nation-state actors targeted consumers and 79% targeted enterprises with the most targeted sectors being government (48%), NGOs and think tanks (31%), education (3%), intergovernmental organizations (3%), IT (2%), energy (1%) and media (1%).
Microsoft also drew attention to China, saying that nation-state actors from the country have been persistently collecting intelligence regarding political and economic matters, especially against neighboring countries such as Pakistan and India. That said, the Redmond tech giant has emphasized that it doesn't have visibility over all global cyberattacks, but as more companies migrate to its cloud platforms, it hopes to provide further insights.
Microsoft has highlighted that the United States was targeted by ransomware attacks the most, followed by China, Japan, Germany and the United Arab Emirates (UAE). The company says that the primary reason for increasing ransomware attacks all over the globe is due to "cybercrime-as-a-service" becoming a mature economy where people can simply purchase malicious services from marketplaces. The Redmond tech giant went on to say that:
The trends are clear: nation-states are increasingly using, and will continue to use, cyberattacks for whatever their political objectives are, whether those are espionage, disruption or destruction. We anticipate more countries will join the list of those engaging in offensive cyber operations, and that those operations will become more brazen, persistent and damaging unless there are more serious consequences. And the cybercrime market will continue to become more sophisticated and more specialized unless we all evolve our work to stop them. More work than ever is underway to counteract these concerns, but we will need to ensure they remain on the top of national and international agendas in the coming years.
The silver lining highlighted by Microsoft in the report is the relatively recent adoption of zero-trust security models encouraged by the United States government, the passing of new laws to govern sharing of information when a cyberattack is discovered, and the fact that governments and organizations come forward with information themselves whenever they are targeted by malicious activities. This increases transparency and enables first responders to better contain the spread of cybersecurity threats. You can view the report in full here.