Microsoft says customers face 600 million attacks per day and the lines between nation states and cybercriminals are blurring
By Benedict Collins
October 15, 2024
Microsoft customers are facing over 600 million cyber attacks per day, ranging from simple phishing attacks launched by opportunistic individuals, to complex ransomware and espionage campaigns conducted by state-sponsored cyber groups, the company has claimed.
Microsoft’s fifth annual Digital Defense Report has examined how cyber criminals and nation states are motivated, interact, and conduct attacks.
Geopolitical tensions are also fueling cyber attacks, as adversaries seek to gain the upper hand by disrupting critical infrastructure and stealing technological, political and military secrets. As a result, nation states are taking advantage of the skills provided by cybercrime organizations, and exchanging them for funding and training.
Tactics, techniques, and procedures have changed – but not motives
The motivations for both cybercrime organizations and state-sponsored groups have overwhelmingly remained the same, with the former being financially motivated and the latter motivated by damage, intelligence and influence. What has changed, however, are the tactics, techniques, and procedures (TTPs) used.
Microsoft has observed nation state actors increasingly rely on tried and tested infrastructure used by cyber criminal groups, such as infostealers and command and control (C2) frameworks, to conduct attacks. For example, Russian threat actor Storm-2049 was spotted using the Xworm and Remcos RAT tools – malware available for purchase or for free and usually used by cyber criminals – to attack at least 50 Ukrainian military devices. Remcos RAT was recently hidden by cyber criminals inside fake patches during the CrowdStrike outage earlier this year.
North Korea is also adapting its espionage campaigns to provide financial benefits by deploying a bespoke ransomware called FakePenny, which has been used to exfiltrate sensitive data from the aerospace and defense sectors for intelligence purposes before encrypting files and requesting a ransom. Both of these examples signify a blurring of the lines between nation state threat actors and cyber criminal groups.