Microsoft: Russia Behind 58% of Detected State-backed Hacks (apnews.com) 33
Russia accounted for most state-sponsored hacking detected by Microsoft over the past year, with a 58% share, mostly targeting government agencies and think tanks in the United States, followed by Ukraine, Britain and European NATO members, the company said. From a report: The devastating effectiveness of the long-undetected SolarWinds hack -- it mainly breached information technology businesses including Microsoft -- also boosted Russian state-backed hackers' success rate to 32% in the year ending June 30, compared with 21% in the preceding 12 months. China, meanwhile, accounted for fewer than 1 in 10 of the state-backed hacking attempts Microsoft detected but was successful 44% of the time in breaking into targeted networks, Microsoft said in its second annual Digital Defense Report, which covers July 2020 through June 2021.
While Russia's prolific state-sponsored hacking is well known, Microsoft's report offers unusually specific detail on how it stacks up against that by other U.S. adversaries. The report also cited ransomware attacks as a serious and growing plague, with the United States by far the most targeted country, hit by more than triple the attacks of the next most targeted nation. Ransomware attacks are criminal and financially motivated. By contrast, state-backed hacking is chiefly about intelligence gathering -- whether for national security or commercial or strategic advantage -- and thus generally tolerated by governments, with U.S. cyber operators among the most skilled. The report by Microsoft, which works closely with Washington government agencies, does not address U.S. government hacking.
source (Score:5, Informative)
The actual details seem to be in the "second annual Digital Defense Report," here: https://www.microsoft.com/en-u... [microsoft.com]
with a link to the full report here: https://query.prod.cms.rt.micr... [microsoft.com]
Re: (Score:1, Insightful)
Is Russia "behind" the attacks, or are VPN endpoints in Russia just very easy and convenient to use, with no US law enforcement able to get logs from them?
I know, it can't be that very simple explanation...
Re:So a Russian bear and a Chinese dragon... (Score:5, Interesting)
Why do you think of Microsoft as a soft target?
There was obviously a time when the world was transitioning from "networks are mostly full of generally trusted people" to "networks are big scary places full of mostly non-trusted people" (that is, when everyone went from internal networks full of people working for the same company, to internet-connected networks where world+dog could and did try to break things), and a great many security flaws were found and fixed. Since MSFT had a wealth of old software, it took quite a while to find and eradicate all those long-standing issues.
That said, they've had quite a focus on security for some time. I'm certain there are still vulnerabilities in current products, but that's true for pretty much everyone. Is Apache really any better? How about Intel CPUs? Or Android devices? Or iPhones (looking at you, Pegasus)? Maybe Amazon and their S3 buckets of doom and despair?
Given the choice to host data on MSFT, Google, or AWS clouds, I would choose MSFT any day based on security alone. That, and I trust them slightly more to not trawl through my data just so they can figure out how to sell things to me better.
Re: (Score:3)
Thoughtfully asked and you provide interesting context. I think you should have been more explicit about the scope of the software you are focusing on.
My short answer is feeping creaturitis. That's the extreme form of creeping featuritis. Feature creep is always a major problem, but Microsoft has created an environment where they MUST add more and more features creating more and more risks. Hence Microsoft became and remains a soft target.
Let me use Windows 11 as an example. Why would anyone consider an OS
Re: (Score:3)
If their current OS does everything that's needed, would the newer OS really be an upgrade? I don't think so, but I'm willing to be persuaded.
Re: (Score:3)
You're replying to me, but if you're sincerely asking to be persuaded, you're asking the wrong person.
I actually think Windows 95 was sufficient for my purposes, and if that OS was still supported, I might still be using it. Yes, there are some functions and capabilities that I am using that are beyond the capabilities of Windows 95, but I would prefer to add the support for such features ONLY as needed, and not at the OS level.
By the way, I think the feeping creaturitis of Windows has pushed and pulled the
Re: (Score:2)
> but Microsoft is such a soft target that how can we possibly take Microsoft's word for it?
Where's your evidence for this statement? It appears to be entirely fictitious.
Windows boxes rarely have malware issues anymore, because they've long all come with Windows Defender, and updates are forced on people (though you probably whinge about that too no doubt).
Microsoft basically never sees their services hacked, which is more than can be said for most other big tech companies.
The most serious security vuln
Re: (Score:1)
So a Russian bear and a Chinese dragon walk into a bar. The dragon complains that the bar is too hot, but the bear says "Shut your mouth." (Deepest apologies to Jimmy Carr.)
But seriously folks, we're talking about Microsoft security here. I'm not denying that there are black hats working for Putin, but Microsoft is such a soft target that how can we possibly take Microsoft's word for it? Especially as regards the "detected" part of this story. (I wish someone would take Word. And make it go away.)
Actually, I can sort of answer my own question. (1) Microsoft has the money to hire some good people, including security experts. And (2) The black hat hackers rob Microsoft's data banks because that's where the suckers are. My own theory is that anyone who is serious about security doesn't use a lot of Microsoftware. (Third joke's the flop?)
Really? Overrated repeatedly before it's rated anything? I guess that calls for a requoting, even a challenge to squander more "precious" mod points. Or maybe it's a response to censorship? However, as weak as the joke was, I can't see the possible outrage.
Is China slacking? (Score:2)
Or do they just not bother with Microsoft?
I mean China only has something like 10 times the population of the Russian Federation.
Re:Is China slacking? (Score:5, Funny)
> Is China slacking?
Nope! Russia is behind the majority of the *detected* hacks. China has better hackers; they're behind the undetected hacks.
Re: (Score:2)
It helps when you have backdoors in the routers.
China has no Need (Score:2)
How Convenient (Score:2, Informative)
> The report by Microsoft, which works closely with Washington government agencies, does not address U.S. government hacking.
Which makes the report pretty much useless, as the US government is doubtless the number one state-based hacker in the world. I'd be willing to bet cash that the US government affiliated hackers break into more systems across the world than Russia and China combined. Being an "ally" doesn't exempt you, either. Ask Angela Merkel.
Re: (Score:3)
> Which makes the report pretty much useless, as the US government is doubtless the number one state-based hacker in the world.
The NSA values not being detected much higher than other countries. So including the US government probably wouldn't change much in a report of detected attacks.
Says who? (Score:2, Insightful)
Ukraine (Score:2)
Russia is probably using Ukrainian assets as a proxy. So most attacks originating from there should count for Russia as well.
Show us the numbers (Score:1)
After RTFA, and poking around, I don't see any of those numbers.
What is disturbing, though, is the nature of the nation state attacks. According to Microsoft and the article, the Russians are more about criminal and political activity, and China, North Korea, and Iran are more about attacking US critical infrastructure. It's no wonder the US spends so much preparing for war.
Re:Show us the numbers (Score:5, Insightful)
I'd like to know what the percentage of US sponsored attacks are. As a US citizen, I demand that they be 0%.
As another US citizen, I demand they be much higher than 0. Unilateral disarmament is not a good idea.
Re: (Score:2)
I reluctantly agree we need offensive data systems capability, we should just not use it unless we are forced to defend ourselves. It is the same as nuclear weapons; in today's insane world we are forced to make them, but we should hope they are never used and we should work tirelessly to eliminate the need.
Here is a case in point about why the offensive capability is pre
Re: (Score:2)
> we should just not use it unless we are forced to defend ourselves
Like if someone hacks a political campaign in order to influence an election?
Would shutting down a pipeline in Russia by the US government be an appropriate response?
Why wouldn't it be? Tit-for-tat is a pretty standard measure of appropriate response.
Re: (Score:2)
Re: (Score:2)
in the event of an all out conventional war.
You realize we have much easier and more reliable methods to take out a pipeline during an "all out conventional war", right?
Physical attacks on an opposing country only stop when there is realistic belief that they will result in counter-attacks.
Cyberattacks will continue until there is a realistic belief that they will result in counter-attacks. "We won't ever do it unless there's a shooting war" isn't going to do that.
Re: Show us the numbers (Score:2)
There's more than one way to fight a cyber war (Score:5, Interesting)
Russia's attacks on the rest of the world seem to fall mostly into two categories: manipulation of social media and facilitation of criminal activity. Meanwhile, Russia's own laws controlling how its citizens use the internet have become increasingly draconian.
It seems to me the best way to fight back would be to target individuals important to the smooth operation of Russia's physical, social and cyber-war infrastructure and ensure that they fall afoul of those laws. Basically, isolate Putin by framing his most effective servants.
Time for the IDP then. (Score:2)
I suspect Russia might reduce its malicious activity if the Internet Death Penalty was deployed. Cut them out of the Internet. First by simply blocking anything of obvious Russian origin, but when they circumvent that - probably almost immediately - you start cutting network links to their territory and make cross border ad-hoc connections illegal.
They could probably still route through Iran or Best Korea, but that would be a huge inconvenience and make their traffic even more easily identifiable for furt
wannabe NSA contractor says what? (Score:1)
This is like Raytheon saying the US needs bigger bombs to take out the nuclear weapons program Iran doesn't actually have. And it's the NSA that wants to tap every device and communication online, not Russia.
Big ol' case of swiftboating and projection here.