Highlighting IoT/OT Security in the 2022 Microsoft Digital Defense Report
Published Nov 07 2022 10:58 AM

Following the release of the 2022 Microsoft Digital Defense Report, Microsoft Defender for IoT is proud to share our contributions and insights with our Tech Community readers. The annual cybersecurity and threat intelligence report analyzes over 43 trillion daily security signals and includes contributions from research teams and security groups from 77 countries, including Microsoft Defender for IoT’s research team, Section 52.


The convergence of IoT and OT devices presents new challenges for organizations as the economy of malicious actors and cyber threats has shifted to target critical assets. Microsoft’s new report contains insights about the constantly evolving threat landscape, cybersecurity trends, and mitigation guidelines to manage risks and improve security posture.


The State of Cyber-Crime

Microsoft’s security teams actively track global threats, from ransomware and phishing to cybercrime-as-a-service. Section 52 has shared insights on how threat actors abuse infrastructure in the State of Cyber-Crime section of the Digital Defense Report.

Cyber-attacks are becoming more complex as cybercriminals build sophisticated enterprises around their activities. Our research on how malware operators abuse unpatched routers for their operations adds new insight into how devices are actively compromised for crypto-mining resources. We have shared strong indications that popular IoT devices such as routers are becoming active components of coordinated attacks and a favoured target for inclusion in criminal operations.


Devices and Infrastructure

As more organizations adopt internet-connected devices and solutions across a broad range of industries, including critical infrastructure, Section 52 has worked closely with Microsoft’s global security groups to track the threats that are most relevant to your IoT and OT (operational technology) assets. The opportunity these solutions offer organizations is mirrored by the opportunity they offer threat actors, with cybercrime targeting these assets becoming a multi-billion-dollar business. This year, we have released insights on trends and attacks, supply chain risks, firmware hacking, and OT reconnaissance.




IoT devices pose unique security risks as entry and pivot points in networks. Millions of IoT devices are unpatched or exposed. This year we have observed how IoT malware operators have updated modular botnets with new capabilities to increase attacks on architectures like ARM, and how they abuse non-IoT-specific vulnerabilities to deliver malicious payloads to vulnerable IoT devices.





As organizations increasingly adopt security solutions like Microsoft Defender for IoT to protect their devices and networks, we have observed threat actors using creative methods and reconnaissance to target valuable assets. This year we have included information on supply chain risks, firmware hacking, and how threat actors can use sensitive design files (the files used to map environments and their assets) to gain new footholds into increasingly secure networks.


Actionable insights

Microsoft Defender for IoT encourages customers to take proactive action against potential security risks:

  1. Ensure devices are robust by applying patches and changing default passwords and default SSH ports.
  2. Reduce the attack surface by eliminating unnecessary internet connections and open ports, restricting remote access by blocking ports and denying remote access where it is not required, and using VPN services.
  3. Use an IoT/OT-aware network detection and response (NDR) solution and a security information and event management (SIEM)/security orchestration and response (SOAR) solution to monitor devices for anomalous or unauthorized behaviors, such as communication with unfamiliar hosts.
  4. Segment networks to limit an attacker’s ability to move laterally and compromise assets after initial intrusion. IoT devices and OT networks should be isolated from corporate IT networks through firewalls.
  5. Ensure ICS devices are not exposed directly to the internet.
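As an added example (not code from the report or from Defender for IoT), the check below applies steps 3 to 5 to a few constructed flow records in Python. It assumes a hypothetical asset inventory that tags each device with a zone, a baseline of known peers per IoT/OT device, and the RFC 1918 ranges as the organization's internal address space.

```python
import ipaddress
# Constructed asset inventory (hypothetical): device address -> network zone.
INVENTORY = {
    "10.20.0.5": "ot",        # PLC
    "10.20.0.9": "ot",        # HMI
    "10.30.0.12": "iot",      # IP camera
    "10.1.0.40": "corp_it",   # file server on the corporate IT network
}
# Constructed baseline (hypothetical) of known-good peers per IoT/OT device,
# e.g. learned by an NDR sensor during a quiet period.
BASELINE = {
    "10.20.0.5": {"10.20.0.9"},
    "10.20.0.9": {"10.20.0.5"},
    "10.30.0.12": {"10.30.0.1"},
}
# Internal address space; assumed here to be the RFC 1918 ranges.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_external(ip):
    """True when the address lies outside INTERNAL, i.e. on the internet."""
    return not any(ipaddress.ip_address(ip) in net for net in INTERNAL)

def classify_flow(src, dst):
    """Return a finding label for one flow, or None when the flow looks expected."""
    src_zone, dst_zone = INVENTORY.get(src), INVENTORY.get(dst)
    if src_zone in ("ot", "iot") and is_external(dst):
        return "direct_internet"          # ICS/IoT device reaching the internet (step 5)
    if "corp_it" in (src_zone, dst_zone) and {src_zone, dst_zone} & {"ot", "iot"}:
        return "crosses_it_ot_boundary"   # the segmentation firewall should drop this (step 4)
    if src_zone in ("ot", "iot") and dst not in BASELINE.get(src, set()):
        return "unfamiliar_host"          # anomalous peer: hand to NDR/SIEM for triage (step 3)
    return None

def triage(lines):
    """Return (src, dst, dport, label) for every 'timestamp key=value ...' record with a finding."""
    findings = []
    for line in lines:
        flow = dict(tok.split("=", 1) for tok in line.split()[1:])   # parse the key=value fields
        label = classify_flow(flow["src"], flow["dst"])
        if label:
            findings.append((flow["src"], flow["dst"], int(flow["dport"]), label))
    return findings

# Constructed flow records (hypothetical), in the shape a sensor or firewall might export.
SAMPLE_FLOWS = [
    "2022-11-07T10:58:00Z src=10.20.0.5 dst=10.20.0.9 dport=502",     # expected Modbus peer
    "2022-11-07T10:58:05Z src=10.20.0.5 dst=203.0.113.7 dport=443",   # PLC talking to the internet
    "2022-11-07T10:58:09Z src=10.30.0.12 dst=10.1.0.40 dport=445",    # camera reaching corporate IT
    "2022-11-07T10:58:12Z src=10.1.0.40 dst=10.20.0.9 dport=3389",    # corporate IT reaching OT
    "2022-11-07T10:58:20Z src=10.20.0.9 dst=10.20.0.77 dport=22",     # HMI contacting an unknown host
]
```

The baseline acts as an allowlist, so an unlisted peer is only a triage candidate for the SOC, not proof of compromise; the internet and IT/OT boundary checks are deliberately evaluated first because they hold regardless of what the baseline contains.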

We hope you will read about these areas and more in the 2022 report.

