Nation-state cyberattacks targeting critical infrastructure are rising as countries continue to leverage technology to carry out advanced cyberattacks in addition to physical warfare, according to Microsoft’s latest Digital Defense Report.

Much of the report focuses on the ongoing Russian war against Ukraine—which Microsoft attributes as a main cause of the spike in cyberattacks targeting critical infrastructure—while other sections touch on ransomware, devices and infrastructure, cyber influence campaigns, and protections.

Nation-State Landscape

According to the Redmond, Wash.-based tech giant, cyberattacks targeting critical infrastructure jumped from comprising 20% of all nation-state attacks to 40%, due in large part to Russia targeting Ukraine’s infrastructure and its espionage of Ukraine’s allies.

In addition, Microsoft says nation states such as Russia are also accelerating attempts to compromise IT firms to disrupt or gain intelligence from those firms’ government customers in NATO member countries.

According to Microsoft, 90% of Russia’s attacks over the past year targeted NATO Member states, and 48% of these attacks targeted IT providers based in those countries.

The trend represents a new strategy on the geopolitical stage in which cyberattacks are carried out before or in conjunction with physical attacks. Microsoft says Russian cyber actors carried out destructive cyberattacks against its neighbor’s government, tech and financial sectors before launching a physical military campaign.

However, other U.S. adversaries are also engaging in similar behavior, such as Iran, North Korea and China, all of which Microsoft says have carried out cyberattacks designed to benefit the respective countries.

Cybercriminals Becoming More Sophisticated

While nation-state attacks get most of the attention as they are national security threats, profit-fueled cyberattacks are also on the rise, as the cybercrime economy continues to lower the skill barrier to entry.

According to Microsoft, the number of estimated password attacks per second increased in the last year by 74%, with many leading to ransomware attacks, which are asking for higher and higher ransoms. The company says the average ransom demands have more than doubled.

The cybersecurity industry is improving and is blocking many attacks, but cybercriminals are also adapting their techniques and increasing the complexity of how and where they host campaign operation infrastructure, according to the report.

Human-operated ransomware is becoming particularly alarming, as one-third of targets are successfully compromised by criminals using these attacks, and 5% of those are ransomed.

IoT Being Targeted by Hackers

Microsoft’s report also touches on threats posed to the growing list of internet-facing devices and the Internet of Things (IoT), which are becoming a favorite target of hackers due to the lack of built-in security controls.

According to the report, attacks against remote management devices have increased steadily since June 2021, and web attacks against IoT and operational technology (OT) devices have largely ebbed and flowed over the last year, with a large spike in September 2021.

In the past year, Microsoft says it observed attacks against common IoT protocols—such as Telnet— drop significantly, in some cases as much as 60%. At the same time, botnets were repurposed by cybercrime groups and nation state actors. The report says the persistence of malware, such as Mirai, highlights the modularity of these attacks and the adaptability of existing threats.

According to Microsoft’s Digital Defense Report, Mirai—which has been redesigned several times to adapt to different architectures—has evolved to infect a wide range of IoT devices including internet protocol cameras, security camera digital video recorders, and routers. The attack vector bypassed legacy security controls and poses a risk for endpoints within the network by exploiting additional vulnerabilities and moving laterally.

Adopt Good Cybersecurity Practices

Microsoft calls on organizations to adopt good cybersecurity practices and hygiene. For example, Microsoft urges customers to pay attention to the basics, such as multi-factor authentication, patching, and deploying modern security solutions.

The company says 80% of security incidents can be traced to “a few missing elements” that could be addressed through modern security approaches, and 90% of compromised accounts were not protected with strong authentication. This comes as Microsoft says it is defending against 900 password attacks per second.

In addition, Microsoft says organizations should apply Zero Trust security principles.

In a blog, Tom Burt, corporate vice president of customer security and trust at Microsoft says the average enterprise has 3,500 connected devices that are not protected, and organizations are struggling to detect attacks in time.

Finally, as this year’s report explores, we can’t ignore the human aspect,” Burt writes. “We have a shortage of security professionals – a problem that needs to be addressed by the private sector and governments alike – and organizations need to make security a part of their culture.”

---

This article was originally published in CS sister publication MyTechDecisions.com and has been edited. Zachary Comeau is TD’s editor in chief.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Related Content