Microsoft: Nation-state cyber spying increasing in 2023


High-volume destructive attacks are no longer the main focus of nation-state cyber operations; instead, it is espionage and influence operations, according to Microsoft’s latest annual Digital Defense Report.

The report, released on October 5, 2023, noted that while ransomware and other headline-grabbing attacks in the previous year were aimed primarily at destruction or financial gain, the data shows that nation-state cyber attacks are once again motivated mainly by stealing information, covertly monitoring communications, or manipulating the content that users read.

Microsoft stated that “while the impact of destructive attacks is felt more immediately, persistent and stealthy espionage operations pose a long-term threat to the integrity of government, private industry, and critical sector networks.” It also added that “threat actors globally acted to increase their collection capacity against foreign and defense policy organizations, technology firms, and critical infrastructure organizations”.

The report also noted that nearly half of all destructive Russian attacks against Ukraine occurred in the first six weeks of the war. Threat actors with ties to Russia are now more likely to carry out phishing, credential theft, data exfiltration, and other espionage-related activity.

Iran, China, and North Korea have likewise expanded their use of cyber espionage campaigns to gather intelligence on their geopolitical rivals. Russian state actors are increasingly targeting organizations in NATO member states, while Chinese state actors focus primarily on US defense and critical infrastructure and on nations bordering the South China Sea.

Microsoft also highlighted North Korea’s increasing targeting of Russia for nuclear energy, defense, and government policy intelligence collection. The report concluded that all actors demonstrate enhanced sophistication in their cyber operations.

Attacks on critical national infrastructure (CNI) by state-sponsored actors rose only slightly: the previous year’s Digital Defense Report recorded 40% of all attacks targeting CNI, while the latest report records 41% for the past year.

The report did not, however, mention any cyber operations conducted by North American or European state actors.

In advance of the report’s publication, Tom Burt, Microsoft corporate vice-president of customer security and trust, stated that there are several components contributing to their absence. He said, “One is our belief… that the volume of bad activity coming from North American or Western actors is quite a bit less – we don’t see as much activity. That could also be because their tradecraft is better. When you can’t see the activity, it’s speculation whether there is activity and you’re not seeing it, or there just isn’t as much activity. But as a general rule, our view from over the last several years has been that there’s just less of that activity… from actors operating from the West.”

Cyber crime and AI

In terms of cyber crime overall, Microsoft highlighted that criminals are increasingly utilizing the cyber crime-as-a-service ecosystem to launch phishing, identity, and distributed denial of service (DDoS) attacks on a large scale.

Among these attacks, password-based attacks showed the largest increase, a ten-fold spike compared with the same period last year. That translates to an average of 4,000 password attacks per second against Microsoft cloud identities.

The report emphasized that these attacks were particularly prevalent in the education sector, which Microsoft attributed to the “low security posture” of many organizations.
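Password attacks at that volume are rarely brute force against one account; the common pattern is a spray, where one source tries a few passwords against many accounts so that no single account hits its lockout threshold. The detection below is an added example, not code from the report or from Microsoft: it runs over a constructed set of sign-in events (the IPs, users and timestamps are made up) and flags a source IP when its failed sign-ins within a short window touch many distinct accounts, then reports any account that subsequently succeeded from that IP. The thresholds and window are assumptions to be tuned per tenant.

```python
"""Password-spray detection over sign-in events.

Added example, not from Microsoft's Digital Defense Report. Sample data below
is constructed; thresholds (window, min_accounts, min_failures) are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: (timestamp, source_ip, user, success).
EVENTS = [
    # Spray from one IP: one failure per account, many accounts in 30 seconds,
    # then a success against the last account tried (a weak password found).
    ("2023-10-05T08:00:01", "203.0.113.7", "alice@example.edu", False),
    ("2023-10-05T08:00:05", "203.0.113.7", "bob@example.edu", False),
    ("2023-10-05T08:00:09", "203.0.113.7", "carol@example.edu", False),
    ("2023-10-05T08:00:14", "203.0.113.7", "dave@example.edu", False),
    ("2023-10-05T08:00:20", "203.0.113.7", "erin@example.edu", False),
    ("2023-10-05T08:00:26", "203.0.113.7", "frank@example.edu", False),
    ("2023-10-05T08:00:31", "203.0.113.7", "frank@example.edu", True),
    # Legitimate user mistyping a password: many failures, one account.
    ("2023-10-05T08:10:00", "198.51.100.20", "gina@example.edu", False),
    ("2023-10-05T08:10:12", "198.51.100.20", "gina@example.edu", False),
    ("2023-10-05T08:10:25", "198.51.100.20", "gina@example.edu", False),
    ("2023-10-05T08:10:40", "198.51.100.20", "gina@example.edu", False),
    ("2023-10-05T08:11:02", "198.51.100.20", "gina@example.edu", True),
    # Slow attacker: six accounts, but one attempt per hour, outside the window.
    ("2023-10-05T07:00:00", "192.0.2.9", "alice@example.edu", False),
    ("2023-10-05T08:00:00", "192.0.2.9", "bob@example.edu", False),
    ("2023-10-05T09:00:00", "192.0.2.9", "carol@example.edu", False),
    ("2023-10-05T10:00:00", "192.0.2.9", "dave@example.edu", False),
    ("2023-10-05T11:00:00", "192.0.2.9", "erin@example.edu", False),
    ("2023-10-05T12:00:00", "192.0.2.9", "frank@example.edu", False),
]


def detect_password_spray(events, window=timedelta(minutes=10),
                          min_accounts=5, min_failures=5):
    """Return {source_ip: set_of_targeted_accounts} for IPs whose failed
    sign-ins inside any `window` hit at least `min_accounts` distinct accounts
    and number at least `min_failures`. Per-account counting would miss this
    pattern, which is the point of a spray."""
    failures_by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            failures_by_ip[ip].append((datetime.fromisoformat(ts), user))

    flagged = {}
    for ip, fails in failures_by_ip.items():
        fails.sort()  # sliding window needs chronological order
        start = 0
        for end in range(len(fails)):
            # Advance the window start until it spans at most `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            in_window = fails[start:end + 1]
            accounts = {user for _, user in in_window}
            if len(accounts) >= min_accounts and len(in_window) >= min_failures:
                # Report every account this IP failed against, not just the window.
                flagged[ip] = {user for _, user in fails}
                break
    return flagged


def compromised_accounts(events, flagged):
    """For each flagged IP, the accounts that later had a successful sign-in
    from it: those are the first-priority password resets and token revocations."""
    result = defaultdict(set)
    for _, ip, user, ok in events:
        if ok and ip in flagged:
            result[ip].add(user)
    return dict(result)


if __name__ == "__main__":
    sprays = detect_password_spray(EVENTS)
    for ip, accounts in sprays.items():
        print(f"spray from {ip}: {len(accounts)} accounts targeted")
    for ip, accounts in compromised_accounts(EVENTS, sprays).items():
        print(f"successful sign-ins from {ip}: {sorted(accounts)}")
```

The slow attacker in the sample is deliberately not caught: a ten-minute window is a choice, and a patient adversary spreading attempts over hours needs a longer window or a per-day distinct-account count to surface. Either way the signal is many accounts from one source, which a per-account lockout policy never sees.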

Additionally, the report discussed the role of artificial intelligence (AI) and large language models (LLMs) in cyber defense. Microsoft stated that AI can automate and enhance various aspects of cyber security, such as threat detection, response, analysis, and prediction. It also enables new capabilities and opportunities, such as using LLMs to generate natural language insights and recommendations from complex data.

However, AI and LLMs bring cyber security risks of their own. Microsoft pointed out that as more applications adopt LLM-based technologies, the attack surface grows, leaving them exposed to deliberate and inadvertent misalignment of model behaviour, for example through prompt injection or prompt extraction attacks.

Microsoft acknowledged that, given how recent these developments are, detecting and preventing attacks that involve AI and LLMs remain open research questions.

The report concluded by stating that every type of actor is using AI to refine their attacks and defenses. Furthermore, the growth of autonomous apps combining LLMs with low- or no-code platforms significantly increases security risks for organizations. It emphasized the need for collaboration, innovation, and knowledge sharing to build collective resilience against emerging threats and safeguard the ecosystem.
