Security Market Segment LS
Friday, 08 October 2021 09:42

Microsoft report details nation-state attacks, forgets that NSA exists Featured

Microsoft report details nation-state attacks, forgets that NSA exists Image by Tumisu from Pixabay

ANALYSIS A detailed security report from Microsoft somewhat predictably claims that 58% of state-sponsored network attacks in 2020-21 came from Russia.

But the 134-page Digital Defence Report — which can be downloaded here — makes no mention of any malware generated by America's NSA, an organisation which has the biggest budget by far of any intelligence organisation.

[This report will only cover some of the data on state-sponsored attacks.]

Given that Microsoft has access to Windows telemetry data — and the operating system is used on more desktops than any other — it would have been a useful statistic for the company to include at least some mention of NSA-sponsored malware in a report this long. But given that the company is an active participant in US defence projects, perhaps that would not have sat well with Biden & Co.

On the plus side, there are a few mentions of Windows being the access point or staging ground for attacks. This is a perspective which the entire security industry is wary of canvassing as Microsoft is the source of an enormous amount of business.

digital defence one

Among the most targeted countries, the US was top with 46% of the attacks directed its way. But apart from Ukraine (19% of attacks) and Moldova (2%) there was hardly any mention of countries apart from those in Europe and the Middle East. Japan was the only Asian country that figured (3%).

The SolarWinds attacks, which were attributed to a Russian source, raised the percentage of attacks in Ukraine, the report claimed.

"We also noted targeting increases consistent with increasing geopolitical tensions between nations," it said. "Russia-based NOBELIUM [Microsoft's name for the alleged actors behind the SolarWinds attacks] raised the number of Ukrainian customers impacted from six last fiscal year to more than 1200 this year by heavily targeting Ukrainian government interests involved in rallying support against a build-up of Russian troops along Ukraine’s border.

This year marked a near quadrupling in targeting of Israeli entities, a result exclusively of Iranian actors, who focused on Israel as tensions sharply escalated between the adversaries."

digital defence sectors

Unsurprisingly, the countries named in what is called a "sample of nation state actors and their activities" includes all four countries that the US has on its blacklist when it comes to network attacks: Russia, China, Iran And North Korea. There is one outlier: Vietnam.

[Unfortunately, the chart for this is too large to reproduce at the size iTWire uses images.]

Later in the report, Turkey was also listed for its attempts to target telecommunications companies in the Middle East and Balkans.

The report said one noticeable change in state-sponsored attacks was the targeting of IT service providers "in order to more successfully exploit victims downstream who receive services from those IT providers".

"The most glaring examples of the use of this kind of strategy from the last year are the Russian SolarWinds attacks and the Chinese exploitation of a vulnerability in on-premises Microsoft Exchange servers."

In a detailed account of the SolarWinds attack, the most interesting takeout was in the screenshot below:

digital defence three

The report claimed that the success rate of Russia-backed attackers was 32% for the period covered and 21% in the July 2019 to June 2020 period.

The rate of success for Chinese-backed actors was higher (44%) even though overall they accounted for less than 1 in 10 of the total attacks listed.

The report has detailed sections on IoT security, disinformation (which is, strangely, called an emerging threat!), cyber crime, and hybrid workforce security.

All graphics taken from the report, courtesy Microsoft

Subscribe to ITWIRE UPDATE Newsletter here


It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News