Microsoft warns of AI-driven cyber threats & ransomware rise

An emerging landscape of cyber threats highlights the complex interactions between nation-state actors and cybercriminals, according to Microsoft's latest Digital Defense Report.

The report places Australia as the sixth most targeted nation in the South Asia, East Asia, and Pacific region. One of the key findings reveals a growing trend in the collusion between nation-state actors and cybercrime gangs. This collaboration involves sharing tools and techniques for financial gain and intelligence collection.

The Microsoft Digital Defense Report also points to a 2.75-fold increase in ransomware attacks, alongside a significant 400% surge in tech scams. Microsoft observes that both cybercriminals and nation-state actors are experimenting with artificial intelligence to enhance their cyberattacks, though its influence remains limited for now.

Nick Begho, General Manager of Microsoft Australia, commented on the urgent need for collaboration to strengthen cybersecurity, "We must find a way to stem the tide of this malicious cyber activity.

That includes continuing to harden our digital domains to protect our networks, data, and people at all levels. However, this challenge will not be accomplished solely by executing a checklist of cyber hygiene measures but only through a focus on and commitment to the foundations of cyber defence from the individual user to the corporate executive and to government leaders."

Microsoft identifies nation-state actors like Russia, Iran, and China as key players in these threats. Russian actors have reportedly outsourced cyberespionage operations to criminal groups, particularly in targeting Ukraine. Iranian threat actors have engaged in ransomware operations while offering to remove specific individual profiles from leaked data for a fee. In North Korea, a new actor has emerged deploying a custom ransomware variant.

Microsoft reports that approximately 75% of Russian hacking targets involved Ukraine or NATO member states, reflecting Moscow's efforts to gather intelligence on Western policies related to the ongoing war. Meanwhile, Chinese threat actors continue to focus on Taiwan and Southeast Asia, while Iranian operatives have shifted focus towards Israel and the UAE.

In anticipation of the U.S. election, Microsoft notes that threat actors from Russia, Iran, and China are leveraging geopolitical tensions to influence domestic American issues. A surge of election-related spoofed links has been detected, emphasising the dual motivations of financial profit and political influence.

The report reveals the importance of public and private sector collaboration to combat these threats effectively. Microsoft's Secure Future Initiative exemplifies this effort to protect networks and individuals from cyber intrusions.

Financially motivated attacks continue to be a challenge, with a marked increase in ransomware and tech scams. The report notes that scams now have a more rapid turnover, highlighting the dynamic nature of these threats.

The incorporation of AI by threat actors underscores the evolving threat, although the report is optimistic about AI's potential in cybersecurity. AI can aid security professionals in responding quickly to threats.

In order to counter these pervasive cyber threats, Microsoft stresses the need for both cybersecurity advancements and governmental action to impose consequences on malicious behaviour, thus balancing defence with deterrence.

Microsoft continues to disseminate critical threat intelligence to communities, including research on cyber risks affecting various sectors such as education.