Microsoft released its annual Digital Defense Report on 4 November 2022, detailing the cyberthreat landscape and digital defence strategies that were carried out and detected by Microsoft between July 2021 and June 2022.
The report found that nation-state cyberattacks, which target critical infrastructure, have increased from 20 to 40 per cent in the past year. Microsoft attributes this rise due to Russia’s attacks on Ukraine and its allies.
“Russia accelerated its attempts to compromise IT firms as a way to disrupt or gain intelligence from those firms’ government agency customers in NATO member countries,” said Tom Burt, corporate vice president of customer security and trust at Microsoft, in a Microsoft blog post. “90 per cent of the country’s attacks we detected over the past year targeted NATO member states and 48 per cent of these attacks targeted IT firms based in NATO countries.”
New phishing techniques have also arisen throughout the year and Microsoft researchers have observed an increase of emails impersonating legitimate organisations soliciting cryptocurrency donations in Bitcoin and Ethereum, allegedly supporting Ukrainian citizens.
“While it’s tempting to focus on nation-state attacks as the most interesting cyberactivity from the past year, it would be a mistake to overlook other threats, particularly cybercrime, which impacts more users in the digital ecosystem than nation-state activity,” said Burt.
Microsoft also found that the amount of estimated-password attacks per second increased by 74 per cent globally, which, in turn, has fuelled ransomware attacks. However, at the same time, the overall number of ransomware cases in North America and Europe has reduced in comparison to the 2021 findings.
Microsoft’s new ‘influence operations’ section of the report also analysed the use of propaganda both domestically and internationally over the past year and how this is linked to further cyberattacks.
Burt suggests that good cyber hygiene practices such as multi-factor authentication, applying security patches, being intentional about who has privileged access to systems, and deploying modern security solutions will help organisations to stay protected against cyberattacks moving forward. He also suggests that governments, the private sector and organisations need to make security part of their culture.