The Ukrainian government is under near-constant digital attack. “It is clear cyber will continue to play an integral role in future armed conflict, supplementing traditional forms of warfare”. Google says in a report about cyber security. Microsoft reports that in the past year, cyberattacks have touched 120 countries, fuelled by government-sponsored spying and with influence operations (IO) also rising. “At times, nearly half of these attacks targeted NATO member states”, Microsoft says.
“While headline-grabbing attacks from the past year were often focused on destruction or financial gain with ransomware, data shows the predominant motivation has swung back to a desire to steal information, covertly monitor communication, or to manipulate what people read”, Microsoft’s Corporate VP, Tom Burt, writes in a blog post.
“Nearly one year ago, Russia invaded Ukraine, and we continue to see cyber operations play a prominent role in the war. Writes Google’s Senior Director, Shane Huntley, in a blog post. “It is clear cyber will continue to play an integral role in future armed conflict, supplementing traditional forms of warfare”.
- We assess with high confidence that Russian government-backed attackers will continue to conduct cyber attacks against Ukraine and NATO partners to further Russian strategic objectives.
- We assess with high confidence that Moscow will increase disruptive and destructive attacks in response to developments on the battlefield that fundamentally shift the balance – real or perceived – towards Ukraine (e.g., troop losses, new foreign commitments to provide political or military support, etc.). These attacks will primarily target Ukraine, but increasingly expand to include NATO partners.
- We assess with moderate confidence that Russia will continue to increase the pace and scope of IO to achieve the objectives described above, particularly as we approach key moments like international funding, military aid, domestic referendums, and more. What’s less clear is whether these activities will achieve the desired impact, or simply harden opposition against Russian aggression over time.
Microsoft’s key findings:
- Russian intelligence agencies have refocused their cyberattacks on espionage activity in support of their war against Ukraine, while continuing destructive cyberattacks in Ukraine and broader espionage efforts
- Iranian efforts, once focused on taking down the networks of their targets, are also inclined today to amplify manipulative messages to further geopolitical goals or tap into data flowing through sensitive networks
- China has expanded its use of spying campaigns to gain intelligence to fuel its Belt and Road Initiative or regional politics, to spy on the U.S. including key facilities for the U.S. military, and to establish access to the networks of critical infrastructure entities
- North Korean actors have been trying to covertly steal secrets; they’ve targeted a company involved in submarine technology, while separately using cyberattacks to steal hundreds of millions in cryptocurrency
Microsoft says that while the US, Ukraine, and Israel continue to be most heavily attacked, the last year has seen an increase in the global scope of attacks. This is particularly the case in the Global South, especially Latin America and sub-Saharan Africa. Iran increased its operations in the Middle East.
“While there has been an increase overall in threat activity, trends have been observed with the most active nation state actors:
- Russia targets Ukraine’s NATO allies
- China targets US defence, South China Sea nations and Belt and Road Initiative partners
- Iran brings new attacks to Africa, Latin America, and Asia
- North Korea targets Russian organizations among others
“Attackers are already using AI as a weapon to refine phishing messages and improve influence operations with synthetic imagery. But AI will also be crucial for successful defence, automating, and augmenting aspects of cybersecurity such as threat detection, response, analysis, and prediction”, Microsoft’s Tom Burt writes.
“We are already seeing AI-powered cyber-defence reversing the tide of cyberattacks; in Ukraine, for example, AI has helped defend against Russia.”