Microsoft warns business customers at risk of state-sponsored attacks


Microsoft has revealed that approximately 10,000 of its customers were the target of a state-sponsored attack, or even compromised by a foreign power, over the last 12 months.

As organisations and politicians gear up for the US presidential race in 2020, the firm published data showing that enterprise customers make up 84% of those targeted. The vast majority of these groups are based in America, while the remaining 16% are consumer personal email accounts.

Those targeted are mostly connected with the essential functions of democracy, like think tanks or non-governmental organisations (NGOs), and tend not to have the resources to defend against cyber threats of this scale, the firm added.

Data has also revealed that attacks are being launched by five main groups spread across Iran, Russia, and North Korea, according to Microsoft's Threat Intelligence Centre. Holmium and Mercury operate from Iran, while Yttrium and Strontium run campaigns from Russia. The most prominent North Korean group on the company's radar is dubbed Thallium.

"While many of these attacks are unrelated to the democratic process, this data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics or achieve other objectives," said Microsoft's corporate vice president for customer security and trust Tom Burt.

"Many of the democracy-focused attacks we've seen recently target NGOs and think tanks, and reflect a pattern that we also observed in the early stages of some previous elections.

"In this pattern, a spike in attacks on NGOs and think tanks that work closely with candidates and political parties, or work on issues central to their campaigns, serves as a precursor to direct attacks on campaigns and election systems themselves."

Cyber attacks have become a preferred method for spreading economic disruption in recent years compared to traditional tools like economic sanctions or deploying military units, particularly as an attack can be launched with relative ease and without necessarily exposing the attacking country to immediate international attention. This has been highlighted most recently by rising tensions between the US and Iran.

Russia, meanwhile, was found to have interfered with the 2016 US election, and subsequent public votes, like the 2018 US mid-terms or even the French parliamentary elections in 2017, were shrouded in fears of meddling with electronic ballots.

Microsoft showcased its new ElectionGuard technology at the Aspen Security Forum this week, a secure voting machine that the company hopes will prevent manipulation of voting records in future elections.

The system works by giving voters a tracking code when they cast their ballot, which they then enter into an election website to verify their identity, and confirm whether or not their vote has been tampered with.

Encryption will be deployed, moreover, to allow the counting of votes without revealing to any user what those votes are. The machines will also print physical copies of voters' ballots to drop into traditional voting boxes.
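The two properties described above, a tracking code the voter can check and a count taken without decrypting any single ballot, can be sketched as follows. This is an added illustration, not Microsoft's code: it assumes exponential ElGamal as the additively homomorphic scheme and a truncated SHA-256 of the ciphertext as the tracking code, neither of which the article specifies, and it uses a toy group that is far too small for real use.

```python
import hashlib
import secrets

# Toy group (constructed for illustration, far too small for real use):
# P = 2Q + 1 is a safe prime and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, vote):
    """Exponential ElGamal: encrypt g^vote so plaintexts add when ciphertexts multiply."""
    if vote not in (0, 1):
        raise ValueError("vote must be 0 or 1")
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (pow(G, vote, P) * pow(pk, r, P)) % P

def tracking_code(ct):
    """Assumed tracking code: a hash of the ciphertext that the voter keeps."""
    return hashlib.sha256(f"{ct[0]}:{ct[1]}".encode()).hexdigest()[:16]

def is_recorded_unaltered(board, code):
    """True only if some published ballot still hashes to the voter's code."""
    return any(tracking_code(ct) == code for ct in board)

def tally(sk, board):
    """Multiply all ciphertexts, decrypt once, recover the sum from g^sum."""
    a, b = 1, 1
    for ca, cb in board:
        a, b = (a * ca) % P, (b * cb) % P
    g_sum = (b * pow(a, P - 1 - sk, P)) % P   # b / a^sk mod P
    for total in range(len(board) + 1):       # small discrete log by search
        if pow(G, total, P) == g_sum:
            return total
    raise ValueError("tally outside expected range")

def demo():
    sk, pk = keygen()
    votes = [1, 0, 1, 1, 0]                   # constructed sample ballots
    board = [encrypt(pk, v) for v in votes]
    codes = [tracking_code(ct) for ct in board]
    return sk, board, codes
```

Only the product of all ciphertexts is ever decrypted, so the key holder learns the total but never opens an individual ballot, and any change to a published ciphertext makes the voter's code lookup fail.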

The company is planning to release the software behind the technology as open-source on GitHub later in 2019, rather than commercially release its own voting machines.

Keumars Afifi-Sabet

Keumars Afifi-Sabet is a writer and editor who specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.