The recently published 2022 Microsoft Digital Defense Report revealed a sharp rise in state-sponsored cyberattacks, partially driven by Russia’s ongoing war in Ukraine. This increase marks the acceleration of an existing trend toward more frequent and brazen attacks linked to nation states.
Impact of the War in Ukraine
Attacks against critical infrastructure doubled within a year as Russia stepped up its cyber campaign against Ukraine and its allies. The Microsoft report revealed that 90% of Russian attacks targeted NATO countries, with almost half directed at IT companies.
Ukraine itself has demonstrated remarkable resilience. A central component of this success was its early decision to migrate workloads and data to the cloud in response to Russia’s deployment of wiper malware and physical attacks against local data centers.
Beyond Russia, other states, including China, Iran and North Korea, have been expanding their offensive cyber operations. Microsoft reported several major attacks by Iran, including one that set off emergency rocket sirens in Israel, while cryptocurrency theft has become a primary source of revenue for the North Korean government, which stole nearly $1 billion from crypto exchanges during the first nine months of the year.
Changing Threat Landscape
The Microsoft Digital Defense Report documented key changes in the tactics of state-backed hackers. IT supply chains continue to be a target of choice for nation state actors; however, there’s been a shift toward exploiting IT service providers instead of third-party software. Compromising a trusted cloud solution or managed service provider opens a window for attackers to infiltrate downstream client networks using those providers’ delegated privileges to evade security controls.
Additionally, state-sponsored groups have improved their ability to find and rapidly exploit zero-day vulnerabilities. Between July 2021 and June 2022, patches were released for 41 zero-day vulnerabilities. Attackers associated with China have proven particularly adept at discovering zero-day exploits since the country passed a new vulnerability reporting requirement in 2021. This new regulation, the first of its kind, requires all newly identified vulnerabilities to be reported to the Chinese government before they can be disclosed to the product or service owner. In October, CISA issued an alert on the top vulnerabilities actively exploited by China-backed hackers.
Basic Cyber Hygiene
While sophisticated state-directed cyberattacks can be difficult to defend against, many state-sponsored actors rely on simple, low-cost tactics, such as spear-phishing emails. According to Microsoft, implementing basic cyber hygiene, such as multi-factor authentication, privileged access management and employee training, is sufficient to protect against 98% of attacks.