The internet is now a "cyber storm" — Microsoft says customers face 600 million attacks per day and the lines between nation states and cybercriminals are blurring
Microsoft Digital Defense Report claims nation states and cybercriminals are in bed together
Microsoft customers are facing over 600 million cyber attacks per day, ranging from simple phishing attacks launched by opportunistic individuals, to complex ransomware and espionage campaigns conducted by state-sponsored cyber groups, the company has claimed.
Microsoft’s fifth annual Digital Defense Report has examined how cyber criminals and nation states are motivated, interact, and conduct attacks.
Geopolitical tensions are also fueling cyber attacks, as adversaries seek to gain the upper hand by disrupting critical infrastructure and stealing technological, political and military secrets. As a result, nation states are taking advantage of the skills provided by cybercrime organizations, and exchanging them for funding and training.
Tactics, techniques, and procedures have changed - but not motives
The motivations for both cybercrime organizations and state-sponsored groups have overwhelmingly remained the same, with the former being financially motivated and the latter motivated by damage, intelligence and influence. What has changed however, is the tactics, techniques, and procedures (TTPs) used.
Microsoft has observed nation state actors increasingly rely on tried and tested infrastructure used by cyber criminal groups, such as infostealers and command and control (C2) frameworks, to conduct attacks. For example, Russian threat actor Storm-2049 was spotted using the Xworm and Remcos RAT tools - malware available for purchase or for free and usually used by cyber criminals - to attack at least 50 Ukrainian military devices. Remcos RAT was recently hidden by cyber criminals inside fake patches during the CrowdStrike outage earlier this year.
North Korea is also adapting its espionage campaigns to provide financial benefits by deploying a bespoke ransomware called FakePenny, which has been used to exfiltrate sensitive data from the aerospace and defense sectors for intelligence purposes before encrypting files and requesting a ransom. Both of these examples signify a blurring of the lines between nation state threat actors and cyber criminal groups.
Microsoft also highlights how the primary focus of nation state activity remains in active conflict zones and areas of regional conflict. Following the dedication of resources by NATO countries to Ukraine’s effort to combat Russia’s invasion, the focus of the Kremlin has been on gathering intelligence on Western policy and opinion of the war, with 75% of Russia’s targets either being in Ukraine itself, or in a NATO member state.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
China has also focused on attempting to solidify itself as a regional hegemon by focusing its attention on the military and political policy of Taiwan and other countries in Southeast Asia - particularly those involved in disputes over territorial borders within the South China Sea.
There has also been a significant spike in election influence related campaigns, with Microsoft noting a significant increase in domains registered to look legitimate but actually direct a victim to a spoofed website (known as homoglyph domains). For example, replacing a ‘w’ with ‘vv’ within the domain, or ‘.gov’ with ‘.org’ at the end of the address.
China and Russia have both also been observed experimenting with generative AI to manipulate text, imagery, video and audio to construct influence campaigns. Their effectiveness however, has been limited so far.
The full report, alongside recommendations for cybersecurity professionals and policymakers, can be found here.
More from TechRadar Pro
- These are the best business VPNs around right now
- Bitdefender releases new tool to protect your digital life from scams and fraud
- Take a look at our roundup of the best VPN with antivirus
Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.