
Microsoft: Russia Behind 58% of Detected State-backed Hacks (apnews.com)

Russia accounted for most state-sponsored hacking detected by Microsoft over the past year, with a 58% share, mostly targeting government agencies and think tanks in the United States, followed by Ukraine, Britain and European NATO members, the company said. From a report: The devastating effectiveness of the long-undetected SolarWinds hack -- it mainly breached information technology businesses including Microsoft -- also boosted Russian state-backed hackers' success rate to 32% in the year ending June 30, compared with 21% in the preceding 12 months. China, meanwhile, accounted for fewer than 1 in 10 of the state-backed hacking attempts Microsoft detected but was successful 44% of the time in breaking into targeted networks, Microsoft said in its second annual Digital Defense Report, which covers July 2020 through June 2021.

While Russia's prolific state-sponsored hacking is well known, Microsoft's report offers unusually specific detail on how it stacks up against that by other U.S. adversaries. The report also cited ransomware attacks as a serious and growing plague, with the United States by far the most targeted country, hit by more than triple the attacks of the next most targeted nation. Ransomware attacks are criminal and financially motivated. By contrast, state-backed hacking is chiefly about intelligence gathering -- whether for national security or commercial or strategic advantage -- and thus generally tolerated by governments, with U.S. cyber operators among the most skilled. The report by Microsoft, which works closely with Washington government agencies, does not address U.S. government hacking.

  • source (Score:5, Informative)

    by Geoffrey.landis ( 926948 ) on Thursday October 07, 2021 @03:32PM (#61869993) Homepage

    The actual details seem to be in the "second annual Digital Defense Report," here: https://www.microsoft.com/en-u... [microsoft.com]
    with a link to the full report here: https://query.prod.cms.rt.micr... [microsoft.com]

    • Re: (Score:1, Insightful)

      by Train0987 ( 1059246 )

      Is Russia "behind" the attacks or are VPN endpoints in Russia just very easy and convenient to use with no US Law Enforcement able to get logs from?

      I know, it can't be that very simple explanation...

  • Or do they just not bother with Microsoft?

    I mean China only has something like 10 times the population of the Russian Federation.

  • How Convenient (Score:2, Informative)

    by DesScorp ( 410532 )

    The report by Microsoft, which works closely with Washington government agencies, does not address U.S. government hacking.

    Which makes the report pretty much useless, as the US government is doubtless the number one state-based hacker in the world. I'd be willing to bet cash that the US government affiliated hackers break into more systems across the world than Russia and China combined. Being an "ally" doesn't exempt you, either. Ask Angela Merkel.

    • Which makes the report pretty much useless, as the US government is doubtless the number one state-based hacker in the world.

      The NSA values not being detected much higher than other countries. So including the US government probably wouldn't change much in a report of detected attacks.

  • Says who? (Score:2, Insightful)

    Oh! Says the US-compromised Microsoft.
  • Russia is probably using Ukrainian assets as a proxy. So most attacks originating from there should count for Russia as well.

  • I'd like to know what the percentage of US sponsored attacks are. As a US citizen, I demand that they be 0%.

    After RTFA, and poking around, I don't see any of those numbers.

    What is disturbing though is the nature of the nation state attacks. According to Microsoft and the article, the Russians are more about criminal and political activity and that China, North Korea, and Iran are more about attacking US critical infrastructure. It's no wonder why the US spends so much preparing for war.
    • by jeff4747 ( 256583 ) on Thursday October 07, 2021 @04:30PM (#61870249)

      I'd like to know what the percentage of US sponsored attacks are. As a US citizen, I demand that they be 0%.

      As another US citizen, I demand they be much higher than 0. Unilateral disarmament is not a good idea.

      • I'm talking actual attacks, not capability. I have little doubt the US was likely involved in Stuxnet. I hope it's an exceptional case.

        I reluctantly agree we need offensive data systems capability, we should just not use it unless we are forced to defend ourselves. It is the same as nuclear weapons; in today's insane world we are forced to make them, but we should hope they are never used and we should work tirelessly to eliminate the need.

        Here is a case in point about why the offensive capability is pre
        • we should just not use it unless we are forced to defend ourselves

          Like if someone hacks a political campaign in order to influence an election?

          Would shutting down a pipeline in Russia by the US government be an appropriate response?

          Why wouldn't it be? Tit-for-tat is a pretty standard measure of appropriate response.

          • It's difficult to prove and an escalation is the last thing we want. I do think we need a potent offensive capability to serve as a deterrent in the event of an all out conventional war.
            • in the event of an all out conventional war.

              You realize we have much easier and more reliable methods to take out a pipeline during an "all out conventional war", right?

              Physical attacks on an opposing country only stop when there is realistic belief that they will result in counter-attacks.

              Cyberattacks will continue until there is a realistic belief that they will result in counter-attacks. "We won't ever do it unless there's a shooting war" isn't going to do that.

      • Luckily, in our post-truth world, you can both have it your way! You just each have to ask the right party.
  • by Miles_O'Toole ( 5152533 ) on Thursday October 07, 2021 @04:52PM (#61870321)

    Russia's attacks on the rest of the world seem to fall mostly into two categories: manipulation of social media and facilitation of criminal activity. Meanwhile, Russia's own laws controlling how its citizens use the internet have become increasingly draconian.

    It seems to me the best way to fight back would be to target individuals important to the smooth operation of Russia's physical, social and cyber-war infrastructure and ensure that they fall afoul of those laws. Basically, isolate Putin by framing his most effective servants.

  • I suspect Russia might reduce its malicious activity if the Internet Death Penalty was deployed. Cut them out of the Internet. First by simply blocking anything of obvious Russian origin, but when they circumvent that - probably almost immediately - you start cutting network links to their territory and make cross border ad-hoc connections illegal.

    They could probably still route through Iran or Best Korea, but that would be a huge inconvenience and make their traffic even more easily identifiable for furt

  • This is like Raytheon saying the US needs bigger bombs to take out the nuclear weapons program Iran doesn't actually have. And it's the NSA that wants to tap every device and communication online, not Russia.

    Big 'ol case of swiftboating and projection here.
