The US, Ukraine, and Israel remain the most frequent targets of cyberespionage and cybercrime attacks out of a total of 120 attacked countries, Microsoft says in a new report.
The observed attacks, the tech giant says, were fueled by nation-state spying and influence operations, and more than 40% of the observed attacks targeted critical infrastructure organizations. At times, NATO member states were at the receiving end of half of the observed cyberattacks.
“While headline-grabbing attacks from the past year were often focused on destruction or financial gain with ransomware, data shows the predominant motivation has swung back to a desire to steal information, covertly monitor communication, or to manipulate what people read,” Microsoft notes.
According to the company’s latest Digital Defense Report (PDF – direct download), between July 2022 and June 2023, Russian spy agencies have intensified their attacks in support of the war in Ukraine, while Iranian threat actors have been amplifying manipulative campaigns and targeting sensitive networks for espionage.
Russia and China too have been increasing the scope of their influence operations, the former to intimidate global Ukrainian communities, and the latter to spread covert anti-US propaganda, directly targeting global Chinese-speaking and other communities.
According to the tech giant’s report, state-sponsored threat actors are increasingly employing propaganda to undermine democratic institutions and manipulate national and global opinion.
China has expanded state-sponsored cyberespionage campaigns fueling its Belt and Road Initiative or targeting US military, key facilities, and critical infrastructure, while North Korean hackers were seen targeting a submarine technology company, while continuing to engage in cryptocurrency theft.
“While the US, Ukraine, and Israel continue to be most heavily attacked, the last year has seen an increase in the global scope of attacks. This is particularly the case in the Global South, especially Latin America and sub-Saharan Africa. Iran increased its operations in the Middle East. Organizations involved in policymaking and execution were among the most targeted, in line with the shift in focus to espionage,” Microsoft says.
According to the tech giant’s report, state-sponsored threat actors are increasingly employing propaganda to undermine democratic institutions and manipulate national and global opinion.
Microsoft also observed that threat actors are using AI to improve influence operations, but notes that the technology is crucial for defense and for automating and augmenting detection, analysis, response, and prediction.
Since September 2022, Microsoft says, there has been a 200% increase in human-operated ransomware attacks, targeting organizations with customized ransom demands. Since November 2022, the instances of data exfiltration following compromise have doubled, Microsoft’s report shows.
The tech giant also notes that more than 80% of all observed compromises originated from unmanaged or bring-your-own devices and that ransomware operators are exploiting flaws in less common software, to avoid prediction.
The report also shows that the number of password-based and multi-factor authentication (MFA) fatigue attacks has increased. Over the past year, Microsoft observed roughly 6,000 MFA fatigue attempts per day and, in 2023, an average of 4,000 password attacks per second.
Related: ICS Computers in Western Countries See Increasing Attacks: Report
Related: Healthcare Organizations Hit by Cyberattacks Last Year Reported Big Impact, Costs
Related: Mandiant 2023 M-Trends Report Provides Factual Analysis of Emerging Threat Trends