Microsoft recently released its Digital Defense Report 2022, representing the current threat landscape, mentioning the first russian-Ukrainian « hybrid war », reviewing the current state of cybercrime, and identifying the characteristics to successfully defend against future threats.
Nation-state groups are becoming a more dangerous threat as they increasingly target critical infrastructures and rapidly leverage zero-day vulnerabilities.
Microsoft shared some statistics from the massive amount of data points it reviewed between July 2021 and the end of June 2022:
- 43 trillion signals were synthesized daily, using sophisticated data analytics and AI algorithms
- More than 8,500 engineers, researchers, data scientists, cybersecurity experts, threat hunters, geopolitical analysts, investigators, and frontline responders were involved across 77 countries
- More than 15,000 partners in Microsoft’s security ecosystem aided in increasing cyber resilience
- 37 billion email threats were blocked
- 7 billion identity threats were blocked
- 5 billion endpoint signals were analyzed daily
Unfortunately, for every email and identity threat that was blocked, some made it through, causing disruption and monetary loss. And bad actors are getting more sophisticated in their approaches.
WHAT ARE THE KEY TAKEAWAYS?
- Ransomware and Extortion are becoming more prevalent:
* As cyber defenses improve and more organizations are taking a proactive approach to prevention, attackers are adapting their techniques. The threat of ransomware and extortion is becoming more audacious with attacks targeting governments, businesses, and critical infrastructure.
* Human-operated ransomware is most prevalent, as one-third of targets are successfully compromised by criminals using these attacks, and 5% of those are ransomed.
* 93% of Microsoft’s ransomware incident response engagements revealed insufficient controls on privileged access and lateral movement. The most effective defense against ransomware includes multifactor authentication, frequent security patches, and Zero Trust principles across network architecture.
- The sophistication of Nation State threats:
* Nation-state actors are launching increasingly sophisticated cyberattacks designed to evade detection and further their strategic priorities. Cybercriminals have begun using advancements in automation, cloud infrastructure, and remote access technologies to attack a wider set of targets.
* During the past year, cyberattacks targeting critical infrastructure have jumped significantly. These developments require the urgent adoption of a consistent, global framework that prioritizes human rights and protects people from reckless state behavior online.
* To date, Microsoft removed more than 10,000 domains used by cybercriminals and 600 used by nation-state actors.
- Being cyber resilient amid emerging attacks:
* Effective cyber resiliency requires a holistic, adaptive approach to withstand evolving threats to core services and infrastructure. The vast majority of successful cyberattacks could be prevented using basic security hygiene.
* The volume of password attacks has risen to an estimated 921 attacks every second – a 74% increase in just one year. In the time it takes to read this statement, Microsoft has defended against 4,500 password attacks.
* While password-based attacks remain the main source of identity compromise, other types of attacks are emerging. Modernized systems and architecture are important for managing threats in a hyperconnected world.
- Devices being targeted as entry points to critical infrastructure:
* The pandemic, coupled with the rapid adoption of internet-facing devices of all kinds as a component of accelerating digital transformation, has dramatically increased the attack surface of the digital world. Attacks against remote management devices are on the rise, with more than 100 million attacks observed in May of 2022—a five-fold increase in the past year.
* While the security of IT hardware and software has strengthened in recent years, the security of Internet of things (IoT) and Operational Technology (OT) devices security has not kept pace. Threat actors are exploiting these devices to establish access to networks and enable lateral movement, to establish a foothold in a supply chain, or to disrupt the target organization’s OT operations. The average number of connected devices in an enterprise that is not protected by an endpoint detection and response agent is 3,500.
* The biggest thing people can do is pay attention to the basics – enabling multi-factor authentication, applying security patches, being intentional about who has privileged access to systems and deploying modern security solutions from any leading provider.
- The proliferation of cyber influence operations:
* Foreign actors are using highly effective techniques – often mirroring cyberattacks – to enable propaganda influence to erode trust, impact public opinion, and increase polarization – domestically and internationally.
* Synthetic media is becoming more prevalent due to the proliferation of tools that easily create and disseminate highly realistic artificial images, videos, and audio.
The report urges resiliency by cybersecurity professionals, which requires modernizing systems and architecture, particularly in today’s hyper-connected world. Sadly, most cyberattacks could be prevented by employing basic security hygiene, the report states.
In addition, Microsoft points out that collaboration and cooperation are major factors in thwarting cyberattacks, and success will be due to a holistic, adaptive approach to protecting core services and infrastructure.
What is the key takeaway? The scope and scale of digital threats are enormous, affecting all points of the globe. But there is hope, as vendors, governments, and the good guys in the security realm push to promote solid cyber defense practices to reduce the risk of cyberattacks.