Report: Government is the most-targeted sector by nation-state attackers
Most nation-state cyber attackers are keeping their sights set on governments, intergovernmental organizations, nongovernmental organizations and think tanks. Nearly 80% of nation-state attacks in the last year fell within those categories, according to Microsoft’s FY21 Digital Defense Report.
Espionage was deemed the primary purpose of the attacks, though Iran regularly engaged in destructive attacks, mostly against Israel, and North Korean actors, looking for financial gain, targeted cryptocurrency companies.
Government was the most-targeted sector, with 48% of attacks hitting governments. The U.S. was by far the most targeted nation, suffering 46% of the nation-state attacks between July 2020 and June 2021.
Government-sector targeting tended to focus on ministries of foreign affairs and other agencies involved in international affairs. Think tanks were also highly targeted, perhaps because they influence current or future government policy or political objectives, Microsoft suggested. Thirty-one percent of the attacks targeted think tanks and other NGOs. Educational institutions suffered 3% of attacks, IT 2% and media, health and energy just 1%.
Attacks on enterprises led those on consumers 79% to 21%. Critical infrastructure was targeted far less than noncritical infrastructure across the major nations. The other big target was IT service providers, like SolarWinds and Microsoft, which were attacked in order to more successfully exploit their customers.
Most (58%) of the nation-state attacks came from Russia. The percentage of government organizations targeted by Russia rocketed from 3% last period to 53% since July 2020. The attacks have also become increasingly effective, climbing to a 32% successful compromise rate from 21% last year.
When it comes to the tools nation-state attackers use, Microsoft found they tend to develop their own malware, construct novel password spray infrastructure, or design unique phishing or social engineering campaigns that other criminals adopt and refine over time.
Russian threat activity this past year appears to have been driven by intelligence collection, according to Microsoft, which reported seeing data exfiltration but little evidence of disruptive or destructive activity from the groups it tracked.
“While nation state attacks are often sophisticated or can deploy 0-day vulnerabilities to gain access to networks, defense-in-depth strategies and proactive monitoring can greatly reduce the actor’s dwell time on a network, potentially enabling disruption of their activities before they reach their goals,” the report said.
IT departments should build protective controls across managed identities, devices, applications, data, infrastructure and networks to raise the threshold for attackers, improving their organization’s ability to detect anomalous activity in the environment, the company advised.