The Microsoft Digital Defense Report 2021 covers the period from July 2020 to June 2021, and its findings span trends across nation-state activity, cybercrime, supply chain security, hybrid work, and disinformation.

According to the report, attacks from Russian nation-state actors are “increasingly effective,” jumping from a 21% successful compromise rate last year to a 32% rate this year. Also, the rate of targeting government agencies for intelligence gathering has climbed from 3% of their targets a year ago to 53% in 2021. After Russia, the largest volume of attacks has come from North Korea (23%), followed by Iran (11%), China (8%), and South Korea, Vietnam, and Turkey (a new entrant), each with less than 1% representation. The top three countries targeted by Russian nation-state actors were the U.S., Ukraine, and the UK.

“Over the past year, Russia-based activity groups have solidified their position as acute threats to the global digital ecosystem. They have also shown a high tolerance for collateral damage, which leaves anyone with connections to targets of interest vulnerable to opportunistic targeting,” the report states.

“Over the past year, Russia-based groups have improved their rates of successful compromise and increasingly set their sights on government targets, a confluence of trends that could portend more high impact compromises in the year ahead,” the report warned.

While espionage is the most common goal for nation-state attacks, some attacker activities reveal other goals, including:
Iran, which quadrupled its targeting of Israel in the past year and launched destructive attacks amid heightened tensions between the two countries

North Korea, which targeted cryptocurrency companies for profit as its economy was decimated by sanctions and Covid-19

21% of attacks observed across nation-state actors targeted consumers and 79% targeted enterprises, with the most targeted sectors being government (48%), NGOs and think tanks (31%), education (3%), intergovernmental organizations (3%), IT (2%), energy (1%) and media (1%).
Meanwhile, China is also using its intelligence gathering for a variety of purposes and has been targeting entities in India, Malaysia, Mongolia, Pakistan, and Thailand to glean social, economic, and political intelligence about its neighboring countries.

In the past three years, Microsoft has alerted customers to nation-state attack attempts 20,500 times. The company emphasized that it does not observe every global cyberattack but hopes that its visibility into threats and ability to help stop them will continue to grow as more organizations move to the cloud.

Further, cybercrime – especially ransomware – remains a serious and growing plague in this year’s Microsoft Digital Defense Report, where cybercriminals target victims with money. The top five industries targeted in the past year based on ransomware engagements by Microsoft’s Detection and Response Team (DART) are consumer retail (13%), financial services (12%), manufacturing (12%), government (11%), and health care (9%). The U.S. is by far the most targeted country, receiving more than triple the ransomware attacks of the next most targeted nation. The U.S. is followed by China, Japan, Germany, and the United Arab Emirates (UAE).

In the past year, Microsoft says the “cybercrime-as-a-service” economy has transitioned from a nascent but rapidly growing industry to a mature criminal enterprise.

“The trends are clear: nation-states are increasingly using, and will continue to use, cyberattacks for whatever their political objectives are, whether those are espionage, disruption, or destruction. We anticipate more countries will join the list of those engaging in offensive cyber operations, and that those operations will become more brazen, persistent, and damaging unless there are more serious consequences,” the report added. “And the cybercrime market will continue to become more sophisticated and more specialized unless we all evolve our work to stop them. More work than ever is underway to counteract these concerns, but we will need to ensure they remain on the top of national and international agendas in the coming years.”

However, the good news is that the U.S. government has taken unprecedented steps to address cybersecurity using laws and authority such as the Executive Order announced in May. Additionally, new laws that require mandatory reporting when organizations discover cyberattacks, along with governments and companies voluntarily coming forward when they are the victims of attacks, are providing transparency, helping everyone better understand the problem, and enabling increased engagement from government and first responders.