And more than half of cyberattacks tracked by Microsoft originated in Russia.
Government entities represented the most targeted sector by hackers since mid-2020, according to Microsoft, which released its annual Digital Defense Report Thursday.
The 130-page report details worldwide threat activity distilled by Microsoft from July 2020 through June 2021 and found 48% of all attacks involved governments—far higher than any other sector. The United States faced nearly half (46%) of all cyberattacks, significantly more than Ukraine, which faced the second most attacks (19%). The U.S. faced more than five times as many cyberattacks as the United Kingdom, which was the third-most attacked nation.
The most frequent culprit perpetrating cyberattacks was Russia, which accounted for 58% of all cyberattacks by Microsoft customers. Hackers tied to the Russian government breached at least nine federal agencies late last year through vulnerabilities in IT firm SolarWinds, resulting in sanctions from the federal government. That hack, along with the ransomware attack on Colonial Pipeline, resulted in a wide-ranging executive order on bolstering the nation’s cybersecurity issued by President Joe Biden in May.
Over the past year, Russia-based activity groups have solidified their position as acute threats to the global digital ecosystem,” the report states. “They have also shown a high tolerance for collateral damage, which leaves anyone with connections to targets of interest vulnerable to opportunistic targeting.”
“Attackers worldwide, either affiliated directly with governments or with more loose connections, are continuing to perform research against targets in order to be more convincing in an attack, develop new techniques that have not been seen before, or even mimic criminal behavior in an attempt to obfuscate intent and objective,” the report continued.
The report also delineates what hackers from certain countries targeted. For example, attacks originating from Russia only targeted critical infrastructure 2% of the time, with 97% of attacks targeting noncritical infrastructure. Conversely, attacks from China (13%) and Iran (8%) more regularly targeted critical infrastructure.