
Attacks on critical infrastructure doubled in the past year, Microsoft says

Cyberattacks targeting critical infrastructure increased to 40% of all nation-state attacks Microsoft detected, due in large part to Russia's conflict with Ukraine. (Photo by Ed Ram/Getty Images)

In the Microsoft Digital Defense Report 2022, the software maker said cyberattacks targeting critical infrastructure around the world jumped from 20% of all nation-state attacks Microsoft detected to 40%.

The report, released Friday, said the large increase in attacks on critical infrastructure was caused in large part by Russia’s attempts to damage Ukrainian infrastructure, along with aggressive espionage targeting of Ukraine’s allies, including the United States.

Russia also accelerated its attempts to compromise IT companies as a way to disrupt or gain intelligence from their government customers in NATO member countries, Microsoft said. Ninety percent of Russian attacks Microsoft detected over the past year targeted NATO member states, and 48% of these attacks targeted IT firms based in NATO countries.

While Russia’s ongoing war with Ukraine was a leading cause of the increase in nation-state attacks, the Microsoft report also cited stepped-up espionage activities on the part of China, Iran and North Korea, and an increase in financial cybercrime.

In response to these increased attacks, Microsoft said security teams should pay attention to the basics: enabling multi-factor authentication; applying security patches; being intentional about who has privileged access to systems; and deploying modern security solutions. Microsoft pointed out that the average enterprise has some 3,500 connected devices that are not protected by basic endpoint protections — and attackers take advantage.

With high-profile state actors having more conventional resources, cyberwarfare is still an attractive way to engage with peer and near-peer adversaries, said Mike Parkin, senior technical engineer at Vulcan Cyber. Infrastructure attacks are a way to damage an opponent without escalating to an open conflict, Parkin said.

“Security teams protecting critical infrastructure need to be on their A-game and can’t afford to relax their security posture,” Parkin said. “Deploying the proper tools and training is more important now, given the current geopolitical and cybercriminal landscape, than it has been in the past. The same holds true for conventional businesses, particularly those in the defense and tech industries, and for non-critical infrastructure as well.”

Craig Burland, chief information security officer at Inversion6, said organizations need to understand that the threat to critical infrastructure is real.

“There’s no industry or business exempt from cyber threats,” Burland said. “If you review the list of target industries for nation-state and cybercriminal organizations, you will almost certainly find yours. Organizations with critical infrastructure must rethink and reprioritize the security investments they’ve been putting off, that project that’s perpetually understaffed, and that red metric they’ve been ignoring.”
