With nation-state actors launching increasingly sophisticated cyberattacks designed to evade detection and further their strategic priorities, there is an urgent need for the adoption of a consistent, global framework that prioritizes human rights and protects people from reckless state behavior online, according to the Microsoft Corporation, an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services.
In its new Microsoft Digital Defense Report (MDDR) 2022, released on November 4, 2022, the company detailed the threat landscape in the cybersecurity world and the increasing cyber aggression coming from authoritarian leaders around the world, while calling on all nations to “work together to implement norms and rules for responsible state conduct.”
The company attributed significant criminal activity to nation states and governmental actors seeking to advance the interests of their countries, saying “Nation state threat actors around the world continue to expand their operations in new and old ways.”
Microsoft explained in the 114-page report that nation state threats are cyber threat activities that originate in a specific country with the apparent intent of furthering national interests, adding that “nation states whose threat groups we include in this report are Russia, China, Iran, and North Korea” as they “represent the countries of origin for the most commonly observed actors targeting Microsoft customers over the past year.”
It said the report also includes the company’s observations about threat groups from Lebanon and from cyber mercenaries, or private sector offensive actors for hire.
Microsoft stressed that “nation state actors present some of the most advanced and persistent threats our customers face, including intellectual property theft, espionage, surveillance, credential theft, destructive attacks, and more” and specifically identified China, North Korea, Iran, and Russia as having “carried out attacks on Microsoft customers”.
It said in the report that the advent of cyberweapon deployment in the hybrid war in Ukraine “is the dawn of a new age of conflict”, noting that “Cybersecurity hygiene became even more critical as actors rapidly exploited unpatched vulnerabilities, used both sophisticated and brute force techniques to steal credentials, and obfuscated their operations by using open-source or legitimate software.”
Microsoft noted that nation state actors have a variety of objectives that can result in targeting specific groups of organizations or individuals. By compromising IT service providers, it said, threat actors are often able to reach their original target through a trusted relationship with the company that manages connected systems, or potentially execute attacks on a much larger scale by compromising hundreds of downstream customers in one attack.
It also observed that after the IT sector, the most frequently targeted entities were think tanks, academics attached to universities, and government officials, saying that these are desirable “soft targets” for espionage to collect intelligence on geopolitical issues.
Microsoft’s Corporate Vice President, Customer Security and Trust, Tom Burt, said in his introduction to the report: “Cybercriminals continue to act as sophisticated profit enterprises. Attackers are adapting and finding new ways to implement their techniques, increasing the complexity of how and where they host campaign operation infrastructure. At the same time, cybercriminals are becoming more frugal. To lower their overhead and boost the appearance of legitimacy, attackers are compromising business networks and devices to host phishing campaigns, malware, or even use their computing power to mine cryptocurrency.”
The MDDR reported that in an effort to dismantle cybercrime, to date, Microsoft has removed more than 10,000 domains used by cybercriminals and 600 used by nation state actors, noting that the volume of password attacks during the period under review has risen to an estimated 921 attacks per second, representing a 74 percent increase in just one year.
According to Mr. Burt, Microsoft is using “legal and technical means to seize and shut down infrastructure used by cybercriminals and nation state actors and notify customers when they are being threatened or attacked by a nation state actor.”
He said: “We work to develop increasingly effective features and services that use AI/ML technology to identify and block cyber threats and security professionals defend against and identify cyber-intrusions more rapidly and effectively. Perhaps most importantly, throughout the MDDR we offer our best advice on the steps individuals, organizations, and enterprises can take to defend against these increasing digital threats. Adopting good cyber hygiene practices is the best defense and can significantly reduce the risk of cyberattacks.”