600 million attacks a day: how conflicts enter the digital space

Man

Microsoft research on the growth of cyberattacks against the backdrop of crises.

According to Microsoft's fifth annual Digital Security Report, the company's customers face more than 600 million cyberattacks every day. The scope of the threats ranges from simple phishing attacks carried out by individual threat actors to sophisticated ransomware and espionage campaigns orchestrated by state-run cyber groups.

Microsoft's research reveals the motives of cybercriminals and nation states, how they interact, and how they conduct attacks. Geopolitical tensions are becoming a catalyst for the rise in cyberattacks as adversaries seek to gain an advantage by disrupting critical infrastructure and stealing technological, political, and military secrets.

A worrying trend is emerging: states are increasingly using the skills of cybercriminal organizations, offering them funding and training in exchange for services. At the same time, the motives of both sides remain unchanged: cybercriminal groups pursue financial gain, while state structures aim to cause damage, gather intelligence and increase political influence.

Tactics, techniques and procedures (TTPs) have changed. Microsoft has documented that government organizations are increasingly using tools and techniques traditionally used by cybercriminal groups, such as data stealers (infostealers) and command-and-control (C2) centers, to conduct their operations.

For example, certain threat groups have been seen using publicly available malicious tools that can be purchased or found in the public domain. These programs, commonly used by cybercriminals, have been used to infiltrate military information systems and devices.

Some countries are also tailoring their spying campaigns for financial gain by deploying custom-designed ransomware. These programs are used to exfiltrate sensitive data from the aerospace and defense industries for intelligence purposes. After the theft, the data is encrypted, and a ransom is demanded for its decryption.

These examples illustrate how the lines between state threat actors and cybercriminal groups are blurring.

Microsoft also notes that government activity continues to center on areas of geopolitical tension and regions with high levels of conflict. Many countries have directed their efforts at strengthening regional influence, concentrating on the military and political policies of neighboring states.

China, in particular, is strengthening its position as a regional leader. The focus is on the military and political strategy of Taiwan and other Southeast Asian countries, especially those involved in territorial boundary disputes in the South China Sea.

In addition, there has been a significant increase in campaigns aimed at influencing elections. Microsoft has recorded a significant increase in the number of registered domains that look legitimate but redirect the victim to fake sites (so-called homoglyph domains). Examples include replacing "w" with "vv" or spoofing ".gov" with ".org" at the end of an address.

It is also known that some states, including China, are experimenting with generative artificial intelligence to manipulate text, images, videos, and audio as part of influence-building campaigns. However, their effectiveness remains limited at the moment.

The full text of the Microsoft Digital Defense Report, as well as recommendations for cybersecurity professionals and policymakers, are available on the official Microsoft website.
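
The lookalike-domain tricks mentioned above ("vv" in place of "w", ".org" in place of ".gov") can be checked for defensively by comparing observed domains against a watchlist of the domains an organization wants to protect. The Python below is an added example, not part of the original post or the Microsoft report; the watchlist, the sample domains and the extra lookalike pairs (rn/m, 0/o, 1/l) are constructed assumptions that go beyond the two cases in the text.

```python
# Added example: flag domains that imitate a protected domain using the
# tricks named in the article ("vv" for "w", ".org" in place of ".gov").
# Watchlist and sample domains are constructed for illustration.

# Lookalike sequences folded to a canonical form; only ("vv", "w") comes
# from the article, the other pairs are assumed additions.
LOOKALIKES = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l")]

PROTECTED = {"westcounty-example.gov", "ballot-example.gov"}  # constructed


def split_domain(domain):
    """Split a registered domain such as 'name.gov' into (name, tld)."""
    name, _, tld = domain.lower().strip(".").rpartition(".")
    return name, tld


def skeleton(name):
    """Fold lookalike sequences so visually similar names compare equal."""
    for fake, real in LOOKALIKES:
        name = name.replace(fake, real)
    return name


def classify(candidate, protected=PROTECTED):
    """Return (reason, imitated_domain), or None when nothing matches."""
    if candidate.lower().strip(".") in protected:
        return None  # the legitimate domain itself
    c_name, c_tld = split_domain(candidate)
    for legit in sorted(protected):
        l_name, l_tld = split_domain(legit)
        if c_name == l_name:  # same name, so only the TLD can differ
            return ("tld-swap", legit)
        if skeleton(c_name) == skeleton(l_name):
            reason = "homoglyph" if c_tld == l_tld else "homoglyph+tld-swap"
            return (reason, legit)
    return None


def scan(domains):
    """Map each suspicious domain in an iterable to its finding."""
    return {d: hit for d in domains if (hit := classify(d)) is not None}


if __name__ == "__main__":
    seen = ["vvestcounty-example.gov", "westcounty-example.org",
            "ba1lot-example.org", "ballot-example.gov", "unrelated.org"]
    for domain, finding in scan(seen).items():
        print(domain, "->", finding)
```

The comparison handles two-label registered domains only; subdomains and non-ASCII (Unicode) lookalike characters would need additional handling.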
