Microsoft customers are facing over 600 million cyber attacks per day, ranging from simple phishing attacks launched by opportunistic individuals, to complex ransomware and espionage campaigns conducted by state-sponsored cyber groups, the company has claimed.
Microsoft’s fifth annual Digital Defense Report has examined how cyber criminals and nation states are motivated, interact, and conduct attacks.
Geopolitical tensions are also fueling cyber attacks, as adversaries seek to gain the upper hand by disrupting critical infrastructure and stealing technological, political and military secrets. As a result, nation states are drawing on the skills of cybercrime organizations, offering funding and training in exchange.
Tactics, techniques, and procedures have changed - but not motives
The motivations of both cybercrime organizations and state-sponsored groups have overwhelmingly remained the same: the former are financially motivated, the latter are driven by damage, intelligence and influence. What has changed, however, are the tactics, techniques, and procedures (TTPs) used.
Microsoft has observed nation state actors increasingly relying on tried-and-tested infrastructure and tooling built by cyber criminal groups, such as infostealers and command and control (C2) frameworks. For example, the Russian threat actor Storm-2049 was spotted using XWorm and Remcos RAT, commodity malware sold or given away on criminal forums and normally used by cyber criminals, to compromise at least 50 Ukrainian military devices. Remcos RAT was also the payload cyber criminals hid inside fake patches circulated during the CrowdStrike outage earlier this year.
North Korea is also adapting its espionage campaigns to generate revenue, deploying a bespoke ransomware strain called FakePenny: operators first exfiltrate sensitive data from aerospace and defense targets for intelligence purposes, then encrypt files and demand a ransom. Both examples show the line between nation state threat actors and cyber criminal groups blurring.
Microsoft also highlights that the primary focus of nation state activity remains active conflict zones and areas of regional tension. With NATO countries committing resources to Ukraine's defense against Russia's invasion, the Kremlin's focus has been on gathering intelligence on Western policy and opinion about the war: 75% of Russia's targets were either in Ukraine itself or in a NATO member state.
China has focused on cementing its position as a regional hegemon, directing its attention to the military and political policy of Taiwan and other countries in Southeast Asia, particularly those involved in territorial disputes in the South China Sea.
There has also been a significant spike in election influence campaigns, with Microsoft noting a sharp rise in domains registered to look legitimate but that actually send the victim to a spoofed website. One class is homoglyph domains, where a character is swapped for one that looks the same at a glance, for example replacing a 'w' with 'vv'. A related trick is swapping the suffix, for example '.gov' for '.org' at the end of the address; strictly this is a TLD swap rather than a homoglyph, since it relies on the reader not checking the suffix rather than on lookalike characters, but it serves the same purpose.
China and Russia have both also been observed experimenting with generative AI to manipulate text, imagery, video and audio for influence campaigns. Their effectiveness, however, has been limited so far.
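The check a defender would run against newly registered domains, as an added example that is not part of the report or of Microsoft's tooling: reduce each candidate to a comparison "skeleton" (accents stripped, digits and Cyrillic confusables mapped to Latin, multi-character sequences such as 'vv' and 'rn' collapsed), then compare the registrable name and suffix against an allow-list of protected domains. The confusable table, the allow-list and the candidate domains are constructed for this example; a real deployment would use the full Unicode confusables data and the Public Suffix List instead of the simplified tables here.

```python
"""Lookalike-domain checker: flags homoglyph substitutions and TLD swaps
against a small allow-list. Constructed example; the confusable tables
are a hand-picked subset, not a complete list."""
import unicodedata

# Single-character confusables: digits and Cyrillic letters that render
# like Latin letters. Applied BEFORE the sequence table so that, e.g.,
# "c1oud" and "cloud" reduce to the same skeleton.
SINGLE = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "\u0131": "i",                                   # dotless i
    "\u0430": "a", "\u0435": "e", "\u043e": "o",     # Cyrillic а е о
    "\u0440": "p", "\u0441": "c", "\u0445": "x",     # Cyrillic р с х
})
# Multi-character sequences that look like a single letter in many fonts.
SEQUENCES = [("vv", "w"), ("rn", "m"), ("cl", "d")]


def skeleton(label: str) -> str:
    """Reduce a DNS label to a comparison form (same idea as Unicode TR39
    confusable skeletons, with a deliberately small table)."""
    s = unicodedata.normalize("NFKD", label.lower())
    s = "".join(ch for ch in s if not unicodedata.combining(ch))  # drop accents
    s = s.translate(SINGLE)
    for seq, repl in SEQUENCES:
        s = s.replace(seq, repl)
    return s


def to_unicode(domain: str) -> str:
    """Decode punycode (xn--) labels so IDN lookalikes are compared as the
    user would see them in the address bar."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode, or malformed punycode: compare as-is


def split(domain: str) -> tuple[str, str]:
    """Split into (registrable name, suffix). Assumes name.tld; a real
    deployment would consult the Public Suffix List here."""
    name, _, tld = domain.lower().strip(".").rpartition(".")
    return name, tld


def classify(candidate: str, protected: list[str]) -> tuple:
    """Return (verdict, protected_domain) or (None, None).

    Verdicts: "exact", "homoglyph", "tld_swap", "homoglyph+tld_swap".
    """
    cname, ctld = split(to_unicode(candidate))
    for p in protected:
        pname, ptld = split(p)
        if (cname, ctld) == (pname, ptld):
            return "exact", p
        same_name = cname == pname
        lookalike = not same_name and skeleton(cname) == skeleton(pname)
        if same_name and ctld != ptld:
            return "tld_swap", p
        if lookalike and ctld == ptld:
            return "homoglyph", p
        if lookalike and ctld != ptld:
            return "homoglyph+tld_swap", p
    return None, None


if __name__ == "__main__":
    protected = ["whitehouse.gov", "example.gov"]  # constructed allow-list
    idn = "exámple.gov".encode("idna").decode("ascii")  # punycode form
    for d in ["vvhitehouse.gov", "exarnple.gov", "example.org",
              "examp1e.org", "ex\u0430mple.gov", idn, "unrelated.gov"]:
        print(d, "->", classify(d, protected))
```

Run against a feed of newly observed domains (certificate transparency logs or passive DNS are the usual sources), anything returning a non-exact verdict goes to a review queue. Note that the skeleton function must be applied to both sides of the comparison: collapsing 'cl' to 'd' only on the candidate would miss "c1oud" versus "cloud", which is why the single-character map runs before the sequence table.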
The full report, alongside recommendations for cybersecurity professionals and policymakers, can be found here.