Russia was behind 58 percent of all state-backed cyber attacks on Western targets in the past year, according to new research by Microsoft.
Major targets reportedly included government agencies and think tanks in the US, the UK and Ukraine, as well as European NATO members.
The devastating effectiveness of the long-known SolarWinds hack – it primarily breached information technology businesses including Microsoft – boosted the success rate of Russian state-backed hackers to 32 percent in the year ended June 30, compared to 21 percent in the previous 12 months.
Meanwhile, China was responsible for one in 10 of the state-backed hacking attempts Microsoft found, but was 44 percent successful in breaking into targeted networks, Microsoft said in its second annual Digital Defense report, which covers July 2020 to June 2021.
While Russia’s prolific state-sponsored hacking is well known, Microsoft’s report provides unusually specific details of how it stacks up against that by other US adversaries.
The report also cited ransomware attacks as a serious and growing plague, with the United States being by far the most targeted nation, with more than three times the number of attacks as the next most targeted nation.
Ransomware attacks are criminal and financially motivated, usually demanding an amount of cryptocurrency in exchange for returning access control to a computer system.
In contrast, state-backed hacking is primarily about intelligence gathering – whether for national security or commercial or strategic gain – and is thus generally tolerated by governments, with US cyber operators the most skilled.
The report from Microsoft, which works closely with Washington government agencies, does not address the hacking of the US government.
The SolarWinds hack was such an embarrassment to the US government, however, that some Washington legislators demanded some sort of retaliation.
President Joe Biden has had a hard time drawing a red line for what cyber activity is permissible.
He has issued a vague warning to President Vladimir Putin to crack down on ransomware criminals, but several top cybersecurity officials in the administration said this week that they had seen no evidence of it.
Overall, the success rate of nation-state hacking is about 10-20 percent, said Kristin Goodwin, who heads Microsoft’s digital security unit, which focuses on nation-state actors.
“It’s something that’s really important to us to try to stay ahead – and keep driving that compromise number down – because the lower it is, the better we are doing,” said Ms. Goodwin.
Ms Goodwin found China’s “geopolitical targets” particularly noteworthy in its recent cyber espionage, which includes targeting foreign ministries in Central and South American countries where it is making Belt and Road Initiative infrastructure investments, and universities in Taiwan and Hong Kong, where resistance to Beijing’s regional ambitions is strong.
The findings further render obsolete any conventional wisdom that the interests of Chinese cyber spies are limited to intellectual property theft.
Russian hack attempts in the 2019-20 period were up 52 percent as part of the global cyber-infiltration bids discovered by the “nation-state notification service” that Microsoft employs to alert its customers.
For the year ending June 30, North Korea was in second place as a country of origin with 23 percent, up from 11 percent previously.
China fell from 12 percent to 8 percent, but the magnitude and the efficacy of the effort are two different matters.
North Korea’s failure rate on spear-phishing — targeting individuals, usually with booby-trapped email — was 94 percent in the past year, Microsoft found.
Only 4 percent of all state-backed hacking targeted critical infrastructure, the company said, with Russian agents having little interest in it compared to Chinese or Iranian cyber-operatives.
After the discovery of the SolarWinds hack in December, the Russians transitioned back to focus mostly on government agencies involved in foreign policy, defense and national security, then think tanks, then healthcare, where they targeted organizations developing and testing COVID-19 vaccines and treatments in the United States, Australia, Canada, Israel, India and Japan.
In the report, Microsoft said the recent greater efficacy of Russian state hackers “could portend a more high-impact settlement in the coming year”.
Accounting for more than 92 percent of known Russian activity was the elite hacking team at Russia’s SVR foreign intelligence agency, known as Cozy Bear.
Cozy Bear, which Microsoft calls Nobelium, was behind the SolarWinds hack, which went undetected for much of 2020 and whose discovery deeply embarrassed Washington.
Among the badly compromised US government agencies was the Justice Department, from which Russian cyber spies exfiltrated 80% of the email accounts used by US attorneys’ offices in New York.
Microsoft’s nation-state notifications, of which approximately 7,500 were issued globally in the period covered by the report, are by no means exhaustive, and reflect only what Microsoft was able to detect.
Additional reporting from agencies.
Credit: www.independent.co.uk