Microsoft reports spike in foreign targeting of COVID-19 researchers, think tanks


Microsoft said Tuesday it had seen a major spike in foreign efforts to target U.S. public policy groups and organizations involved in COVID-19 research, marking a shift from previous cyber attempts to disrupt critical infrastructure.

Tom Burt, corporate vice president of consumer security and trust at Microsoft, warned in a blog post detailing Microsoft’s Digital Defense Report that “threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets.”

The report found that countries like Russia were now focusing on nongovernmental organizations, human rights groups, think tanks, colleges and universities and other groups involved in public policy. Coronavirus researchers have also been a top target.

“Microsoft observed sixteen different nation-state actors either targeting customers involved in the global COVID-19 response efforts or using the crisis in themed lures to expand their credential theft and malware delivery tactics,” Burt wrote. “These COVID-themed attacks targeted prominent governmental healthcare organizations in efforts to perform reconnaissance on their networks or people. Academic and commercial organizations involved in vaccine research were also targeted.”

Microsoft said 52 percent of all nation-state targeting over the past year originated from Russia, with the other half coming from China, North Korea and Iran.

The U.S. was the target of almost 70 percent of attacks, followed by the United Kingdom at 19 percent, and Canada, South Korea and Saudi Arabia rounding out the top five.

Burt noted that COVID-19 fears were being exploited by malicious actors, with coronavirus-themed phishing emails and malware viruses spiking in March as part of attempts to trick individuals into disclosing personal account credentials.

As remote working has increased during the pandemic, Microsoft observed an uptick in cyber targeting of people working from home.

The company said it had blocked 13 billion malicious and suspicious emails, determining that 1 billion of them were attempting to steal credentials.

Earlier this month, Microsoft released an assessment warning that it was seeing “increasing” attacks from Russian, Chinese and Iranian hackers targeting U.S. political groups, including the campaigns of President Trump and Democratic presidential nominee Joe Biden.

Cyber threats have spiked across sectors during the COVID-19 pandemic as cyber criminals have looked to take advantage of the crisis and target vulnerable companies and employees adapting to new working conditions.

Hospitals and other health care groups have been widely targeted. Universal Health Services — a major hospital chain with locations in the United States and United Kingdom — was hit by a debilitating ransomware attack earlier this week.

Burt noted that while Microsoft was taking a range of measures to respond to the various attacks, defending against cyber targeting required a broader effort.

“Even with all of the resources we dedicate to cybersecurity, our contribution will only be a small piece of what’s needed to address the challenge,” Burt wrote. “It requires policymakers, the business community, government agencies and, ultimately, individuals to make a real difference, and we can only have significant impact through shared information and partnerships.”

Tags China COVID-19 Cyberattack Donald Trump Iran Joe Biden Malware Microsoft North Korea Pandemic Russia
See all Hill.TV See all Video