On February 23, 2022, the cybersecurity world entered a new age, the age of the hybrid war. So writes Tom Burt, Corporate Vice President, Customer Security & Trust at Microsoft, in the tech company’s third annual ‘digital defense’ report. On that day, hours before missiles were launched and tanks rolled across borders, Russian actors launched a massive destructive cyber attack against Ukrainian government, technology, and financial sector targets, Burt goes on.
He points to the experience of Ukraine since as a lesson ‘that the cloud provides the best physical and logical security against cyberattacks and enables advances in threat intelligence and end point protection’. As an aside, the July print edition of Professional Security featured what the Microsoft annual UK conference at Greenwich (pictured) described as ‘the first hybrid war’, that of Russia against Ukraine.
The report covers cybercriminals as well as nation state threats. Burt writes that both groups have greatly increased the sophistication of their attacks, which has dramatically increased the impact of their actions. “While Russia drove headlines, Iranian actors escalated their attacks following a transition of presidential power, launching destructive attacks targeting Israel, and ransomware and hack-and-leak operations targeting critical infrastructure in the United States. China also increased its espionage efforts in Southeast Asia and elsewhere in the global south, seeking to counter US influence and steal critical data and information.”
Also discussed in the document is how Internet of Things (IoT) devices or Operational Technology (OT) control devices are targets, as entry points to networks and critical infrastructure. As for what IT vulnerabilities are out there, the report stated that most, 93 per cent, of the firm’s ‘ransomware incident response engagements’ turned up ‘insufficient controls on privilege access and lateral movement’.
As for the criminals, the report describes them as ‘profit enterprises’. “Attackers are adapting and finding new ways to implement their techniques, increasing the complexity of how and where they host campaign operation infrastructure.” The criminals are also becoming more frugal. To lower their overheads and appear legit, attackers are compromising business networks and devices to host phishing campaigns and malware, or even to use the computing power to mine cryptocurrency. And what the report terms the ‘industrialisation of the cybercrime economy’ lowers the skill barrier to entry by providing greater access to tools and infrastructure for hackers.
You can view the report at https://www.microsoft.com/en-us/security/business/microsoft-digital-defense-report-2022.
Comment
Avishai Avivi, CISO at SafeBreach, a breach and attack simulation platform, said that the report reflected much of what the firm observes. “As we consider the expanded use of the cloud by both private and public industries, the digital footprint of these extends well beyond the traditional physical borders. We also concur with the recommendations the report makes. The best defence strategy we can recommend is to practice basic cyber-hygiene. We would add three important recommendations. First, we suggest that companies segment their environments based on functionality and tightly control both incoming and outgoing network traffic for these environments.
“Next, we strongly recommend that organisations take steps to validate their security controls by simulating the adversaries’ techniques and making sure that these controls are operating as designed. Finally, we recommend that organisations leverage the wealth of threat intelligence sources available to them.”




