Microsoft report on digital defence

Russian cyberattacks targeting critical infrastructure

Cybercriminals continue to act as sophisticated profit enterprises, Microsoft says in its annual Digital Defence Report. During the past year, cyberattacks targeting critical infrastructure jumped from comprising 20% of all nation-state attacks to 40%. This spike was due, in large part, to Russia’s goal of damaging Ukrainian infrastructure, and aggressive espionage targeting Ukraine’s allies. Iranian actors launched destructive attacks targeting Israel. North Korean actors launched a series of attacks to steal technology from aerospace companies and researchers around the world. China increased its espionage and information stealing.

The report says that, compared to 2021, there has been a drop in the overall number of ransomware cases in North America and Europe. At the same time, cases reported in Latin America increased.

“We also observed a steady year-over-year increase in phishing emails. While Covid-19 themes were less prevalent than in 2020, the war in Ukraine became a new phishing lure starting in early March 2022.” 

“Microsoft researchers observed a staggering increase of emails impersonating legitimate organizations soliciting cryptocurrency donations in Bitcoin and Ethereum, allegedly to support Ukrainian citizens.”

“Russia also accelerated its attempts to compromise IT firms as a way to disrupt or gain intelligence from those firms’ government agency customers in NATO member countries.” 

90% of Russian attacks detected by the company over the past year targeted NATO member states, and 48% of these attacks targeted IT firms based in NATO countries.

“Iranian actors escalated bold attacks following a transition of presidential power. They launched destructive attacks targeting Israel, and ransomware and hack-and-leak operations beyond regional adversaries to U.S. and EU victims, including U.S. critical infrastructure targets like port authorities.” 

According to the report, North Korea launched a series of attacks to steal technology from aerospace companies and researchers around the world. Another North Korean actor worked to gain access to global news organizations that report on the country, and to Christian groups. A third actor continued attempts, often without success, to break into cryptocurrency firms, the company reports.

“China increased its espionage and information stealing cyberattacks as it attempted to exert more regional influence in Southeast Asia and counter growing interest from the U.S.” 

“Many of the attacks coming from China are powered by its ability to find and compile “zero-day vulnerabilities” – unique unpatched holes in software not previously known to the security community. China’s collection of these vulnerabilities appears to have increased on the heels of a new law requiring entities in China to report vulnerabilities they discover to the government before sharing them with others.”

“Cybercrime continues to rise as the industrialization of the cybercrime economy lowers the skill barrier to entry by providing greater access to tools and infrastructure. In the last year alone, the number of estimated password attacks per second increased by 74%. Many of these attacks fuelled ransomware attacks, leading to ransom demands that more than doubled.” 

The report says that foreign actors are using highly effective techniques – often mirroring cyberattacks – to enable propaganda influence to erode trust and impact public opinion – domestically and internationally.

“We observed how Russia has worked hard to convince its citizens, and the citizens of many other countries, that its invasion of Ukraine was justified – while also sowing propaganda to discredit Covid-19 vaccines in the West while promoting their effectiveness at home.”

Among actions to protect users from attacks, Microsoft stresses multi-factor authentication, applying security patches, being intentional about who has privileged access to systems, and deploying modern security solutions from any leading provider. 

“It’s also critical to detect attacks early. In many cases, the outcome of a cyberattack is determined long before the attack begins. Attackers use vulnerable environments to gain initial access, conduct surveillance and wreak havoc by lateral movement and encryption or exfiltration.”
