But the 134-page Digital Defence Report — which can be downloaded here — makes no mention of any malware generated by America's NSA, an organisation which has the biggest budget by far of any intelligence organisation.
[This report will only cover some of the data on state-sponsored attacks.]
Given that Microsoft has access to Windows telemetry data — and the operating system is used on more desktops than any other — it would have been useful for the company to include at least some mention of NSA-sponsored malware in a report this long. But given that the company is an active participant in US defence projects, perhaps that would not have sat well with Biden & Co.
Among the most targeted countries, the US was top with 46% of the attacks directed its way. But apart from Ukraine (19% of attacks) and Moldova (2%) there was hardly any mention of countries apart from those in Europe and the Middle East. Japan was the only Asian country that figured (3%).
The SolarWinds attacks, which were attributed to a Russian source, raised the percentage of attacks in Ukraine, the report claimed.
"We also noted targeting increases consistent with increasing geopolitical tensions between nations," it said. "Russia-based NOBELIUM [Microsoft's name for the alleged actors behind the SolarWinds attacks] raised the number of Ukrainian customers impacted from six last fiscal year to more than 1200 this year by heavily targeting Ukrainian government interests involved in rallying support against a build-up of Russian troops along Ukraine’s border.
"This year marked a near quadrupling in targeting of Israeli entities, a result exclusively of Iranian actors, who focused on Israel as tensions sharply escalated between the adversaries."
Unsurprisingly, the countries named in what is called a "sample of nation state actors and their activities" include all four countries that the US has on its blacklist when it comes to network attacks: Russia, China, Iran and North Korea. There is one outlier: Vietnam.
[Unfortunately, the chart for this is too large to reproduce at the size iTWire uses for images.]
Later in the report, Turkey was also listed for its attempts to target telecommunications companies in the Middle East and Balkans.
The report said one noticeable change in state-sponsored attacks was the targeting of IT service providers "in order to more successfully exploit victims downstream who receive services from those IT providers".
"The most glaring examples of the use of this kind of strategy from the last year are the Russian SolarWinds attacks and the Chinese exploitation of a vulnerability in on-premises Microsoft Exchange servers."
In a detailed account of the SolarWinds attack, the most interesting takeout was in the screenshot below:
The report claimed that the success rate of Russia-backed attackers was 32% for the period covered and 21% in the July 2019 to June 2020 period.
The rate of success for Chinese-backed actors was higher (44%) even though overall they accounted for less than 1 in 10 of the total attacks listed.
The report has detailed sections on IoT security, disinformation (which is, strangely, called an emerging threat!), cyber crime, and hybrid workforce security.
All graphics taken from the report, courtesy Microsoft