Microsoft Warns Of Rise In Sophisticated Cyber Attacks Coming From Russia, China

Oh great, as if 2020 has not been challenging enough already, the latest Digital Defense Report from Microsoft outlines some troubling cybersecurity trends. Threat actors are "rapidly" increasing the sophistication of their cyberattacks, ultimately making them more difficult to detect, and more likely to trick "even the savviest targets."

"For example, nation-state actors are engaging in new reconnaissance techniques that increase their chances of compromising high-value targets, criminal groups targeting businesses have moved their infrastructure to the cloud to hide among legitimate services, and attackers have developed new ways to scour the internet for systems vulnerable to ransomware," Microsoft states.

Threat actors are gravitating towards "clear preferences for certain techniques." Notably, they are increasingly focused on harvesting sensitive data and spreading malware, and have exhibited a growing fondness for attacking Internet of Things (IoT) devices.

Looking back at 2019, Microsoft said it blocked over 13 billion (with a "b") malicious and suspicious emails. It is not clear how many of those might have turned out to be false positives, though Microsoft did say that out of the 13 billion it blocked, more than 1 billion directed users to URLs designed to trick users into forking over their login credentials (phishing attacks, in other words).

Interestingly, Microsoft said it observed a 35 percent increase in total attack volume on IoT devices in the first half of 2020 compared to the second half of 2019. From our own vantage point, this is mildly surprising, and certainly disappointing. It has been well known for some time now that IoT devices are lacking in overall security, compared to PCs and the sort, but it seems the situation is getting worse instead of better.

"Given the leap in attack sophistication in the past year, it is more important than ever that we take steps to establish new rules of the road for cyberspace," Microsoft says.

Specifically, Microsoft suggests that organizations (be it a business or government agency) invest in people and technology to thwart the rising tide of sophisticated attacks, teach people the basics about security (like regular updates), and enable multi-factor authentication (MFA). According to Microsoft, leveraging MFA alone would have prevented the vast majority of attacks, despite their cleverness.

As to where the attacks are most likely to come from, it can be anywhere. However, the highest percentage of nation-state attacks has originated from Russia, followed by Iran, China, North Korea, and other countries, according to the report.

Threat actors target non-government organizations and professional services the most, each of which accounts for nearly a third of all attacks. Other targets include government organizations (13 percent), international organizations (10 percent), information technology firms (7 percent), and higher education (7 percent).

If you want to take a deeper dive, you can read the full 87-page report (PDF).