Microsoft says that in the past year it has notified approximately 10,000 of its customers that they were targeted or compromised by state-sponsored threat groups.
"Approximately 84% of these attacks targeted our business customers, and approximately 16% targeted consumer e-mail accounts," says Tom Burt, Microsoft's vice president for security and customer trust.
These figures show that nation-states rely on cyber attacks as a means of collecting and acquiring intelligence, as well as "affecting geopolitics or achieving other goals".
781 notifications issued through AccountGuard
In recent years, hacker groups from Iran, North Korea and Russia have been behind the vast majority of nation-state attacks on Microsoft customers, with the most notable activity coming from threat groups such as "Holmium and Mercury, operating from Iran, Thallium, which operates from North Korea, and two Russian operators we call Yttrium and Strontium."
Redmond has added the data collected by the Microsoft Threat Intelligence Center during its analysis of these attacks to its security products, which helps the company protect its customers from future operations targeting users.
Microsoft also issued 781 notifications to organizations that are part of the free AccountGuard service after identifying a number of APT-coordinated attacks targeting organizations central to democracy, such as political parties and campaigns, as well as research units and NGOs focused on democracy, in countries on four continents.
Microsoft AccountGuard provides registered organizations with information about potential threats to, or compromise of, their O365 accounts by nation-state actors, along with security best-practice guidance for protecting their digital assets.
"These data show that US democracy-oriented organizations should be particularly concerned, as 95% of these attacks are targeted at US organizations," Burt adds. "By nature, these organizations are critical to society, but they have fewer resources to protect themselves against cyber attacks than large companies."
Attacks on elections and democratic institutions
While monitoring cyber-espionage campaigns backed by nation-states, Microsoft detected attacks on the US presidential election in 2016 and on the latest French presidential election, attributed to the Strontium group (also known as Fancy Bear or APT28).
At the time, Microsoft's Digital Crimes Unit (DCU) was able to take control of six Internet domains controlled by Fancy Bear and partly disrupt the group's operations. The same technique was used twelve other times to take down another 84 APT28 domains.
Redmond's Threat Intelligence Center (MSTIC) and Digital Crimes Unit (DCU) discovered a number of other cyber campaigns against European democratic institutions between September and December 2018, with employees of the German Council on Foreign Relations, the Aspen Institute in Europe and the German Marshall Fund among the individuals targeted in these attacks.
This latest series of nation-state cyberattacks targeting European countries was also attributed to the Strontium hacking group and involved more than 100 employee accounts at organizations in Belgium, France, Germany, Poland, Romania and Serbia.
"Consistent with campaigns against similar US institutions, attackers in most cases create malicious URLs and spoofed e-mail addresses that look legitimate. These spear-phishing campaigns seek to gain access to employee credentials and deliver malicious software," said Burt in February.
A software development kit for protecting votes demoed
At the Aspen Security Forum in Aspen, Colorado, Microsoft also demonstrated ElectionGuard, a free software development kit (SDK) created by the Defending Democracy program.
ElectionGuard can be used to secure voting machines against tampering and to make voting more accessible and more effective at polling stations across the US and in other democratic countries around the world.
Some of the benefits of using ElectionGuard for securing voting machines are "to allow end-to-end, end-to-end, third-party credentials, and allow voters to validate the vote."
Although ElectionGuard can be used with both new and existing hardware systems from different manufacturers, Microsoft's demonstration "is built using the Microsoft Surface Tablet PC in the kiosk, the Xbox Adaptive Controller as an optional access device and a standard printer."
"As we head into the 2020 elections, given the widespread reliance on cyber attacks by nation-states and the use of cyber attacks to specifically target democratic processes, we expect to see attacks targeting US electoral systems, political campaigns, or non-governmental organizations that are closely involved with campaigns," added Burt.