RIGA - From July 2021 to June 2022, the number of cyberattacks on critical infrastructure in different countries increased significantly, jumping from comprising 20 percent of all nation-state attacks Microsoft detected in the same period in 2020-21 to 40 percent, according to the latest Micrsofot Digital Defense Report.
This spike was due, in large part, to Russia's goal of damaging Ukrainian infrastructure, and aggressive espionage targeting of Ukraine's allies, including the United States. Russia also accelerated its attempts to compromise IT firms as a way to disrupt or gain intelligence from those firms' government agency customers in NATO member countries. 90 percent of Russian attacks we detected over the past year targeted NATO member states, and 48 percent of these attacks targeted IT firms based in NATO countries.
Russia was not alone in pairing political and physical aggression with cyberattacks. Cyber security also deteriorated due to the situation in Iran, North Korea and China.
Cybercrime continues to rise as the industrialization of the cybercrime economy lowers the skill barrier to entry by providing greater access to tools and infrastructure. In the last year alone, the number of estimated password attacks per second increased by 74 percent. Many of these attacks fueled ransomware attacks, leading to ransom demands that more than doubled, said Microsoft.
The report also says that foreign actors are using highly effective techniques - often mirroring cyberattacks - to enable propaganda influence to erode trust and impact public opinion - domestically and internationally.
Microsoft observed how Russia has worked hard to convince its citizens, and the citizens of many other countries, that its invasion of Ukraine was justified - while also sowing propaganda to discredit Covid-19 vaccines in the West while promoting their effectiveness at home. Microsoft also observed an increasing overlap between these operations and cyberattacks.
Good cyber hygiene practices remain the best defense while the cloud provides the best physical and logical security against cyberattacks, says the report.
The biggest thing people can do is pay attention to the basics - enabling multi-factor authentication, applying security patches, being intentional about who has privileged access to systems, and deploying modern security solutions from any leading provider, said Microsoft.