Microsoft has revealed that more than 600 million cybercriminal and nation-state attacks are being launched every day. The attacks range from ransomware attacks, where money is demanded to unlock data, to identity attacks. Both cybercriminals and nation-states are also getting more adept at using generative AI in their attacks.
The Microsoft Digital Defense Report 2024 also found increasing evidence of collusion between cybercrime gangs and nation-state groups, which are sharing tools and techniques.
The Redmond giant said that nation-state actors conduct their operations for financial gain, enlist cybercriminals to collect intelligence (particularly on the Ukrainian military), and especially use infostealers and command and control frameworks.
Explaining some of the actions nation-states have taken, Microsoft said:
- Russian threat actors appear to have outsourced some of their cyberespionage operations to criminal groups, especially operations targeting Ukraine. In June 2024, a suspected cybercrime group used commodity malware to compromise at least 50 Ukrainian military devices.
- Iranian nation-state actors used ransomware in a cyber-enabled influence operation, marketing stolen Israeli dating website data. They offered to remove specific individual profiles from their data repository for a fee.
- North Korea is getting into the ransomware game. A newly identified North Korean actor developed a custom ransomware variant called FakePenny, which it deployed at organizations in aerospace and defense after exfiltrating data from the impacted networks—demonstrating both intelligence gathering and monetization motivations.
- Chinese threat actors’ targeting efforts remain similar to the last few years in terms of geographies targeted—Taiwan being a focus, as well as countries within Southeast Asia—and intensity of targeting per location.
In the run-up to the 2020 US presidential election, there was a lot of noise about protecting the election from foreign interference. We've heard similar noises this time around, but they don't sound as loud.
Microsoft said that Russia, Iran, and China have all been using ongoing geopolitical issues to increase discord on sensitive issues and undermine confidence in elections "as the foundation of democracy." Out of these, Russia and Iran have been the most active.
The countries being hit most, aside from the US and the UK, are countries with active military conflict or regional tensions. These include Israel, Ukraine, the United Arab Emirates, and Taiwan.
To combat these threats, Microsoft says that it will take conscientiousness and commitment by both the public and private sectors so that attackers no longer have the advantage. If you want to read the full report, you can do so here.