Microsoft: SolarWinds Attack Highlights Growing Sophistication of Nation State Actors

Microsoft has highlighted the increasingly sophisticated cyber-threat landscape, particularly as a result of the rise in nation state attacks.

During a session at the Microsoft Ignite event, the company outlined some of the trends it is seeing and actions it is taking to help mitigate them.

There has been a marked rise in cyber-attacks detected by Microsoft over recent years, both from cyber-criminals and nation state actors, with the latter becoming a particular cause for concern. Tom Burt, CVP, customer security and trust, Microsoft, said that “we have seen an increase in the volume of attacks and in the sophistication of those attacks, and they’re led primarily by attacks emanating from Russia but also Iran, North Korea and China.”

The wide-ranging SolarWinds attack at the end of last year, allegedly perpetrated by Russia, has emphasized the increasingly dangerous digital environment that governments, businesses and individuals are operating in. Vasu Jakkal, corporate vice-president, Microsoft Security, Compliance and Identity at Microsoft, noted that this breach was “one of the most widespread and complex events in cybersecurity history,” and “it was a clear reminder of what we are all up against.”

Explaining how the incident occurred, Burt said that Microsoft helped FireEye investigate the incident from early on and discovered that the threat actor had compromised the build process for the SolarWinds Orion application, making the malware very hard to detect. This led to 18,000 SolarWinds customers around the world being infected.

Burt added: “Then this actor picked a much smaller number of those infected companies to drop a second stage of malware and go in and conduct their espionage war.”

The enormous damage caused by this attack is something of a game-changer, with more offensive action required to disrupt nation state attacks. This is an area Microsoft is becoming involved in via its digital crimes unit, which is targeting nation state actors as well as cyber-criminals. Burt revealed this includes “taking away the infrastructure and resources they use to conduct their attacks.”

In this environment, cyber-incidents need to be treated more like conventional warfare, with rules of engagement established to ensure private individuals and organizations are not impacted in the way they were during SolarWinds. Burt explained: “We have a policy team that works with our government in the US and governments around the world to try and encourage governments to adopt enforceable rules of conduct that will describe and confine the activity of nation states in cyberspace so that citizens and enterprises are protected against these nation state attacks.”