- Cyberattacks targeting critical infrastructure jumped from comprising 20% of all nation-state attacks Microsoft detected to 40% in 2022.
- Many of the attacks coming from China are powered by its ability to find and compile zero-day vulnerabilities.
- Russia also accelerated its attempts to compromise IT firms as a way to disrupt or gain intelligence from NATO member countries.
Microsoft has published its annual Digital Defense Report, which states that a new era in cybersecurity has begun with Russia’s invasion of Ukraine. The report says that there is a significant increase in cyberattacks coming from authoritarian leaders.
Authoritarian leaders
In 2022, cyberattacks launched on critical infrastructure increased from 20% of all nation-state attacks to 40%. The increase was mainly caused by Russia’s attacks on Ukrainian infrastructure and espionage against Ukraine’s allies. Russian attacks targeting IT firms also increased. 90% of Russian cyberattacks targeted NATO member states, and 48% of them targeted IT firms from NATO countries.
Along with Russia, North Korea, Iran, and China also increased political and physical aggression with cyberattacks.
- Iranian actors escalated bold attacks following a transition of presidential power. They launched destructive attacks targeting Israel, and ransomware and hack-and-leak operations beyond regional adversaries to U.S. and EU victims, including U.S. critical infrastructure targets like port authorities.
- As North Korea embarked on its most aggressive period of missile testing in the first half of 2022, one of its actors launched a series of attacks to steal technology from aerospace companies and researchers around the world. Another North Korean actor worked to gain access to global news organizations that report on the country, and to Christian groups.
- China increased its espionage and information-stealing cyberattacks as it attempted to exert more regional influence in Southeast Asia and counter growing interest from the U.S. In February and March, one Chinese actor targeted 100 accounts affiliated with a prominent intergovernmental organization in Southeast Asia just as the organization announced a meeting between the U.S. government and regional leaders.
Microsoft also stated that China is mostly focusing on zero-day vulnerabilities. Along with nation-state attacks, the estimated number of password attacks per second increased by 74%. On the other hand, Microsoft reported a drop in the overall number of ransomware cases reported to its response teams in North America and Europe compared to the previous year. Microsoft said,
“This year’s report includes even more recommendations for how people and organizations can protect themselves from attacks. The biggest thing people can do is pay attention to the basics, enabling multi-factor authentication, applying security patches, being intentional about who has privileged access to systems, and deploying modern security solutions from any leading provider. The average enterprise has 3,500 connected devices that are not protected by basic endpoint protections, and attackers take advantage. It’s also critical to detect attacks early. In many cases, the outcome of a cyberattack is determined long before the attack begins. Attackers use vulnerable environments to gain initial access, conduct surveillance and wreak havoc by lateral movement and encryption or exfiltration. Finally, as this year’s report explores, we can’t ignore the human aspect. We have a shortage of security professionals, a problem that needs to be addressed by the private sector and governments alike, and organizations need to make security a part of their culture.”