Microsoft revealed that there are more than 600 million cybercrime and nation-state attacks every day. These attacks include ransomware attacks, identification attacks and attacks that demand a ransom to unlock data. Cybercriminals and nation-states are also increasingly adept at using generative AI in attacks.
The 2024 Microsoft Digital Defense Report also found growing evidence that cybercriminal groups and nation-state organizations are colluding and sharing tools and techniques.
Microsoft said nation-state actors carried out operations to gain financial gain and recruit cybercriminals to gather intelligence, particularly on the Ukrainian military, using in particular information stealers and command-and-control frameworks.
Explaining some of the actions taken by nation-states, Microsoft said Russian threat actors appear to have outsourced their operations to other countries:
Russian threat actors appear to have outsourced some cyberespionage operations to criminal groups, particularly against Ukraine. In June 2024, a suspected cybercriminal group compromised at least 50 pieces of Ukrainian military equipment using commercial malware.
Iranian nation-state actors used ransomware in a cyber influence operation to promote stolen Israeli dating website data. They offered to have specific personal data removed from their data repositories for a fee.
North Korea has also joined the ransomware game. A newly discovered North Korean actor developed a custom ransomware variant called FakePenny and deployed it to organizations in the aerospace and defense sectors after exfiltrating data from affected networks - demonstrating both intelligence collection and monetization motives.
Chinese threat actors’ targeting efforts are similar to past years in terms of target geography (Taiwan and Southeast Asian countries being the focus) and target intensity in each location.
Before the 2020 U.S. presidential election, there were endless voices about protecting the election from foreign interference. This time we heard a similar sound, but this time it didn't sound as loud.
Microsoft said Russia, Iran and China have all been exploiting current geopolitical issues to increase discord over sensitive issues and undermine confidence in elections "as the foundation of democracy." Among them, Russia and Iran are the most active.
With the exception of the United States and the United Kingdom, the countries hardest hit are those with active military conflicts or regional tensions. These countries include Israel, Ukraine, the United Arab Emirates and Taiwan.
Microsoft said that eliminating these threats requires awareness and commitment from the public and private sectors so that attackers no longer have the upper hand.
To read the full report, please click here:
https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024