More than half of nation-state cyber attacks in the last year have originated from Russia, Microsoft has revealed in a new report.
According to the firm’s annual Digital Defense Report, 52 per cent of state-sponsored hacking attempts between July 2019 and June 2020 were Russian in origin.
Cyber operations have targeted global events, including elections and individuals tied to political campaigns, as well as the Olympic Games and the current pandemic.
Every country in the world has seen at least one Covid-19-themed attack since the pandemic began, Microsoft claims.
The number of successful attacks has increased along with Covid-19 outbreaks as ‘fear and the desire for information’ have grown.
The themes of dodgy links and scamming attempts are a reflection of ‘the contemporary issues of the day’ Microsoft said.
WHAT ARE NATION STATE CYBER ATTACKS?
Nation state cyber attacks are assaults launched by cybercriminals who have the backing of their nation state.
Nation state attackers work for a government to compromise target governments or organisations in another country.
British defence and security company BAE Systems describes them as agents with a ‘licence to hack’.
‘They can work without fear of legal retribution – they will be highly unlikely to be arrested in their home country for what they’re doing,’ the company says.
Nation state actors are well-funded, well-trained, and watch their targets and change techniques to increase their effectiveness, Microsoft said.
For example, clicking a link to a purported Covid-19 cure can result in a computer becoming infected with viruses.
Microsoft’s annual report analyses trillions of threat signals from PCs, ‘smart home’ devices, and emails to estimate total cyber security over the course of a year.
‘Cybercriminals are opportunistic and have capitalised on interest and fear related to the Covid-19 pandemic and other disruptive events,’ said Mary Jo Schrade at Microsoft Digital Crimes Unit Asia.
‘They have expanded the way they leverage computers that are infected with malware, adding modules or changing the nature of the attacks for which they leverage them.
‘They have also focused on targeting their ransomware activities toward entities that cannot afford to be offline or without access to records during critical periods of the pandemic, like hospitals and medical research institutions.
‘Concerted efforts from organisations, governments and businesses are key to addressing these wide-ranging online threats.’
When a Microsoft customer – either a single person or organisation – is targeted or compromised by nation state activities that the firm tracks, Microsoft delivers something called a nation state notification (NSN) to the customer.
Microsoft said it has issued 13,000 alerts about nation-state hacking attempts to its customers in the last two years.
Russia, the worst offender for such attempts observed by Microsoft, has a history of launching disruptive and potentially destructive attacks ‘in response to perceived anti-Russian actions in international sport’.
Before the Olympic Games in 2016 and 2018, suspected Russia-based threat actors stole and leaked athletes’ sensitive medical data and rendered inoperable the servers comprising the IT backbone of the Olympic Games.
And as the world prepared for the Tokyo Summer Olympic Games this year – which has been postponed because of Covid-19 – at least 16 national and international sporting and anti-doping organisations across three continents were targeted.
The US took the brunt of the nation state cyber attacks in the past year, followed by the UK, Microsoft intelligence revealed.
Origin of nation state cyber attacks (top) and their targeted nation (bottom). The UK was the second most targeted nation
More than two thirds – 69 per cent – of the NSNs sent by Microsoft from July 2019 to June 2020 were to customers in the US.
19 per cent were sent to UK customers, followed by 5 per cent in Canada, 4 per cent in South Korea and 3 per cent in Saudi Arabia.
Iran, which accounted for the second-largest number of hack attempts behind Russia, was the source of increasing state-backed cyber activity.
In a 30-day period between August and September 2019, Microsoft observed Iran-based hackers attacking 241 accounts of Microsoft customers.
The targeted accounts were associated with a US presidential campaign, current and former US government officials, journalists covering global politics and prominent Iranians living outside Iran.
As the November 2020 US Presidential election gets closer, Microsoft said it’s likely to see this nefarious activity increase.
As for China, a suspected nation state group operating there compromised accounts at a US university involved in Covid-19 vaccine research in March.
And nation state actors from both North Korea and Iran targeted global university experts that influence international policy on topics like international security, nuclear weapons and human rights.
Microsoft said non-governmental organisations are the most heavily targeted, including non-profits, think tanks, advocacy groups and human rights organisations.
The top six targeted industry sectors between July 2019–June 2020, determined by nation state notification (NSNs) delivered to Microsoft customers
32 per cent of nation state attacks between July 2019 and June 2020 targeted non-governmental organisations.
This was followed by professional services (31 per cent), government organisations (13 per cent), international organisations (10 per cent), IT firms (7 per cent) and higher education (7 per cent).
In terms of ‘Covid-themed malware encounters’, China, the US and Russia were hit the worst, showing that some of the worst offenders are in the same nation as some of their victims.
In the US, Covid-themed malware encounters peaked in March, just as American awareness of the coronavirus was starting to spread, and again in June.
In the UK, they started to climb dramatically in February and peaked at more than 70,000 on March 14, just over a week before the full lockdown came into effect.
This Covid-themed data reflects total encounters and is not meant to imply nation-state activity, Microsoft said.
Instances of unique and total Covid-themed malware encounters in relation to local news events of the day, as seen in the UK
Attackers are using the global pandemic to broadly target consumers who want information, as well as to specifically target hospitals and healthcare providers
‘As the virus spread globally, cybercriminals pivoted their lures to imitate trusted sources like the World Health Organisation (WHO) and other national health organisations, in an effort to get users to click on malicious links and attachments,’ the report says.
‘Adversaries used the Covid-19 theme to socially engineer lures around the anxiety and the flood of information associated with the pandemic.
‘[Cybercriminals] seek to blend their well-established tactics and malware with human curiosity and our need for information… it’s a common understanding to “never waste a crisis”.’
Elsewhere in the 88-page report, Microsoft revealed it blocked more than 13 billion malicious and suspicious emails in 2019.
Out of this total, more than 1 billion were URL-based phishing threats – URLs set up for the explicit purpose of launching a phishing credential attack.
Microsoft is urging organisations to give staff phishing training. Phishing is where targets are contacted by email, telephone or text message to steal personal information.
Microsoft is urging organisations to tell their staff to ‘say something if they see something’ like a dodgy phishing email.
‘Determining what areas of behaviour are driven by a lack of knowledge will best be addressed with a “training first” approach,’ the report says.
‘Areas where employees have the knowledge but are still not displaying desired security behaviours should be addressed through other efforts, like targeted campaigns, leadership messaging, outreach events, and a closer look at process and procedures.’
Threat actors are showing an increasing focus on Internet of Things (IoT) devices – home-based objects like fridges, speakers and surveillance cameras that exchange data over the internet.
The new analysis is based on data from more than 1.2 billion PCs, servers and IoT devices that accessed Microsoft services, as well as data from 630 billion authentication events, 470 billion emails and more than 18 million URLs.
PHISHING INVOLVES CYBER-CRIMINALS ATTEMPTING TO STEAL PERSONAL INFORMATION
Phishing involves cyber-criminals attempting to steal personal information such as online passwords, bank details or money from an unsuspecting victim.
Very often, the criminal will use an email, phone call or even a fake website pretending to be from a reputable company.
The criminals can use personal details to complete profiles on a victim which can be sold on the dark web.
Cyber criminals will use emails in an effort to elicit personal information from victims in order to commit fraud or infect the user’s computer for nefarious purposes
Some phishing attempts involve criminals sending out infected files in emails in order to take control of a victim’s computer.
Any form of social media or electronic communication can form part of a phishing attempt.
Action Fraud warn that you should never assume an incoming message is from a genuine company – especially if it asks for a payment or wants you to log on to an online account.
Banks and other financial institutions will never email looking for passwords or other sensitive information.
An effective spam filter should protect from most of the malicious messages, although the user should never call the number at the bottom of a suspicious email or follow its link.
Experts advise that customers should call the organisation directly to see if the attempted communication was genuine.
According to Action Fraud: ‘Phishing emails encourage you to visit the bogus websites.
‘They usually come with an important-sounding excuse for you to act on the email, such as telling you your bank details have been compromised, or claim they’re from a business or agency and you’re entitled to a refund, rebate, reward or discount.
‘The email tells you to follow a link to enter crucial information such as login details, personal information, bank account details or anything else that can be used to defraud you.
‘Alternatively, the phishing email may try to encourage you to download an attachment. The email claims it’s something useful, such as a coupon to be used for a discount, a form to fill in to claim a tax rebate, or a piece of software to add security to your phone or computer.
‘In reality, it’s a virus that infects your phone or computer with malware, which is designed to steal any personal or banking details you’ve saved or hold your device to ransom to get you to pay a fee.’