Microsoft said 29pc of Russian cyberattacks have been successful and that ‘significant collective defensive weaknesses’ exist in European countries.
Russian cyberattacks have grown since the start of the invasion of Ukraine, with attacks aimed at the US, Baltic countries and NATO countries.
That’s according to a new report from Microsoft, which said it has detected Russian “network intrusion efforts” on 128 organisations in 42 countries outside Ukraine.
The US has been the main target, Microsoft said, but attacks have also prioritised Poland, where much of the logistics around military and humanitarian aid are being coordinated.
The report detailed that Russian intelligence agencies have “stepped up network penetration and espionage activities” against Ukraine’s allies. It added that there has been an increase in cyber activity over the past two months targeting Denmark, Norway, Finland, Sweden, and Turkey, along with an increase targeting the foreign ministries of NATO countries.
The report said 29pc of the recorded Russian cyberattacks have been successful. A quarter of these successful intrusions led to the exfiltration of data, though the report noted that this “likely understates” the degree of Russian success.
Almost half of the recorded cyberattacks were aimed at government networks, but the list of targets also includes think tanks, humanitarian organisations, IT companies, energy suppliers and other critical infrastructure.
This is not the first warning about critical infrastructure and cyberattacks. In March, US president Joe Biden warned companies to bolster their cybersecurity efforts as “evolving intelligence” suggested that Russia was planning cyberattacks targeting critical infrastructure in the US.
“The cyber aspects of the current war extend far beyond Ukraine and reflect the unique nature of cyberspace,” Microsoft president Brad Smith said in the company’s new report. “The internet itself, unlike land, sea and the air, is a human creation that relies on a combination of public and private sector ownership, operation and protection.
“This in turn requires a new form of collective defence,” Smith added.
Collective defensive weaknesses
Microsoft said that most of the victims of Russian cyberattacks were operating on premises instead of in the cloud. It added that examples such as the SolarWinds hack last year demonstrated that Russian agencies have “extremely sophisticated capabilities to implant code”.
The report noted that while the US has increased its defensive protections, the implementation of security advances remains uneven, particularly among European governments.
“As a result, significant collective defensive weaknesses remain,” it said.
Microsoft noted that Russia is increasing its efforts to influence audiences and that many Russian cyber-influencing operations can go for months without proper detection, which can impact a wide range of “important institutions”.
In order to respond to the growing cyberattacks, the company said that a collective response is needed to better detect, defend against, disrupt and deter foreign cyberthreats.
In a joint advisory in March, the FBI and the Cybersecurity and Infrastructure Security Agency warned organisations to be on alert and bolster their multifactor authentication security after revealing details of how state-sponsored hackers in Russia were able to gain access to an unnamed NGO’s network.
The following month, cybersecurity authorities from nations in the Five Eyes intelligence alliance issued a warning about the threat of Russian state-sponsored cyberattacks on critical infrastructure systems.
Last week, the Irish Government joined Microsoft’s Government Security Program in a bid to protect the nation’s critical infrastructure against cyberattacks.
Microsoft president Brad Smith at Web Summit in 2019. Image: Harry Murphy/Web Summit via Flickr/Sportsfile (CC BY 2.0)