REDMOND, Wash. — Redmond may be thousands of miles from a war zone, yet it is also on the front line.
“Some of our threat intelligence analysts were some of the first observers of the first shots fired in the Russian invasion,” says Steven Masada. “Those shots weren’t bullets. They weren’t cannon fire. They were, in fact, cyber attacks originating from Russia targeting critical infrastructure inside of Ukraine.”
Masada is the Assistant General Counsel of the Digital Crimes Unit, headquartered on the company’s eastside campus. During a rare peek inside, Masada showed off the site that is making millions of moves a day to thwart cyber attacks that he says originate in China, Russia, Iran, and North Korea.
“The sad reality is that criminals, and in particular, cyber criminals, are some of the most innovative people on planet Earth,” he said during the visit to the DCU.
The issue has unfortunately gained new attention in the wake of last week’s IT issues involving Amazon and Alaska Airlines. The airline blames the cancellation of hundreds of flights on an infrastructure failure, not a hack. Amazon Web Services customers reported multiple failures in an unexplained outage.
Masada offered the tour before both incidents, as Microsoft was preparing to release its Digital Defense Report (MDDR), which claims that there are 4.5 million malware file blocks every day and five billion emails screened daily for malicious intent. The MDDR recommended that companies hire more people, not just tools, to fight off cyberattacks.
As he stood before a grand screen of the globe showing active threats that had been neutralized, Masada noted that most attacks are on American systems, which account for nearly 75% of activity. Most attacks were aimed at government services, IT, research, and academia, and were motivated by data theft and extortion, according to Microsoft.
A release from the company also suggested that Microsoft, in partnership with the DOJ, Europol, and Japan’s Cybercrime Control Center, “carried out a landmark disruption operation against Lumma Stealer. Over 2,300 malicious domains were seized or blocked, cutting off Lumma’s infrastructure and redirecting infected devices away from criminal control.”
Added Masada, it is “financially motivated crime, nation state, nation state actors. This is a global phenomenon.”
