Microsoft Tech Community
10 essential insights from the Microsoft Digital Defense Report 2023
Published Jan 08 2024 09:19 AM

In an era marked by escalating cyber threats, Microsoft sheds light on the global security landscape through the Microsoft Digital Defense Report 2023. Harnessing extensive security research and a unique vantage point, Microsoft not only comprehends the current state of cybersecurity but also utilizes a diverse range of security data to predict and identify indicators of cyber threats.


Below are 10 essential insights from the Microsoft Digital Defense Report 2023:


1. Basic security hygiene still protects against 99% of attacks

Implementing fundamental security practices can prevent most cyberattacks. Hyperscale cloud makes this easier, either by enabling these practices through default settings or by abstracting away the need for customer intervention.

Key practices: enable Multi-Factor Authentication (MFA), apply Zero Trust principles, use Extended Detection and Response (XDR) and antimalware, keep systems updated, and protect critical data.



2. Human-operated ransomware attacks increasing

Microsoft's telemetry shows a rise in ransomware attacks compared to the previous year, with human-operated ransomware attacks tripling since September 2022. Looking ahead, ransomware operators are likely to exploit automation, AI, and hyperscale cloud systems to enhance the scale and effectiveness of their attacks.



3. Password attacks dramatically on the rise

Microsoft Entra data shows a more than tenfold increase in attempted password attacks compared to the corresponding period the previous year. To discourage potential attackers, employing non-phishable credentials, such as Windows Hello for Business or FIDO keys, is recommended.



4. Business Email Compromise (BEC) at an all-time high

As Business Email Compromise (BEC) attacks reach an all-time high, Microsoft’s Digital Crimes Unit (DCU) advocates for increased intelligence sharing across public and private sectors. This collaborative approach aims to facilitate a faster and more impactful response to BEC incidents.



5. Nation-state threat actors’ global target set expands

Nation-state actors have expanded their global cyber operations for information gathering, particularly targeting organizations in critical infrastructure, education, and policymaking. The focus aligns with geopolitical goals and espionage objectives. Detecting potential espionage-related breaches involves monitoring changes to mailboxes and permissions.
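One way to act on the mailbox and permission monitoring mentioned above, as an added example that is not taken from the report or from Microsoft. The audit records are constructed, their field layout is modeled on Exchange admin audit entries and should be treated as an assumption, and `INTERNAL_DOMAINS`, `review` and `scan` are hypothetical names.

```python
import json

# Constructed sample records (not real data). Adapt field names to your export.
SAMPLE_LOG = """
{"CreationTime":"2024-01-05T02:14:09","Operation":"Add-MailboxPermission","UserId":"admin@contoso.example","ObjectId":"ceo","Parameters":[{"Name":"User","Value":"svc-backup"},{"Name":"AccessRights","Value":"FullAccess"}]}
{"CreationTime":"2024-01-05T02:20:41","Operation":"Set-Mailbox","UserId":"admin@contoso.example","ObjectId":"ceo","Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:drop@external.example"}]}
{"CreationTime":"2024-01-05T09:02:00","Operation":"Set-Mailbox","UserId":"helpdesk@contoso.example","ObjectId":"jdoe","Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:jdoe@partner.contoso.example"}]}
{"CreationTime":"2024-01-05T09:30:12","Operation":"New-InboxRule","UserId":"jdoe@contoso.example","ObjectId":"jdoe","Parameters":[{"Name":"ForwardTo","Value":"archive@external.example"},{"Name":"DeleteMessage","Value":"True"}]}
{"CreationTime":"2024-01-05T10:00:00","Operation":"Set-Mailbox","UserId":"helpdesk@contoso.example","ObjectId":"jdoe","Parameters":[{"Name":"MaxSendSize","Value":"35MB"}]}
"""

INTERNAL_DOMAINS = ("contoso.example",)  # assumption: the tenant's own domains
FORWARD_PARAMS = ("ForwardingSmtpAddress", "ForwardTo", "RedirectTo", "ForwardAsAttachmentTo")
DELEGATION_OPS = {"Add-MailboxPermission", "Add-MailboxFolderPermission"}


def is_external(address):
    """True when the address's domain is neither an internal domain nor a subdomain of one."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    return not any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def review(record):
    """Return findings for one audit record: new delegations and external forwarding."""
    params = {p["Name"]: p["Value"] for p in record.get("Parameters", [])}
    findings = []
    if record["Operation"] in DELEGATION_OPS:
        findings.append(f"delegation: {params.get('User')} granted {params.get('AccessRights')}")
    for name in FORWARD_PARAMS:
        if name in params and is_external(params[name]):
            findings.append(f"external forwarding via {name}: {params[name]}")
    return findings


def scan(log_text):
    """Scan newline-delimited JSON audit records; return (time, mailbox, finding) tuples."""
    alerts = []
    for line in log_text.strip().splitlines():
        record = json.loads(line)
        for finding in review(record):
            alerts.append((record["CreationTime"], record["ObjectId"], finding))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(*alert, sep=" | ")
```

Forwarding to a subdomain of an internal domain and unrelated `Set-Mailbox` changes produce no finding, which keeps routine helpdesk activity out of the alert stream.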


The most targeted nations by region:



6. Nation-state actors mix influence operations with cyberattacks

Nation-state actors increasingly integrate influence operations with cyber operations to disseminate preferred propaganda narratives, heighten social tensions, and amplify doubt and confusion. Such operations are frequently executed within the context of armed conflicts and national elections.


7. IoT/OT devices increasingly at risk

Attackers are focusing on the high vulnerability of both information technology and operational technology (IT-OT), making defense challenging. Approximately 78% of IoT devices on customer networks have known vulnerabilities, and 46% of these cannot be patched. An effective cybersecurity strategy requires a robust operational technology (OT) patch management system, and network monitoring in OT environments can aid in detecting malicious activity.



8. AI and large language models (LLMs) will transform cybersecurity

Microsoft’s researchers and applied scientists are exploring many scenarios for LLM application in cyber defense, such as:


Did you know?

Microsoft's AI Red Team, comprised of interdisciplinary experts, is actively contributing to the development of a safer AI future. Emulating the tactics, techniques, and procedures of real-world adversaries, the AI Red Team identifies risks, uncovers blind spots, validates assumptions, and enhances the overall security posture of AI systems. Learn more about Microsoft's red teaming for AI in "Microsoft AI Red Team building future of safer AI" on the Microsoft Security Blog.


9. Collaboration can reduce cybercrime and protect the integrity of digital services

As cyberthreats evolve, public-private collaboration will be key to improving collective knowledge, driving resilience, and informing mitigation guidance across the security ecosystem. For example, this year, Microsoft, Fortra LLC, and Health-ISAC worked together to reduce cybercriminal infrastructure for the illicit use of Cobalt Strike. This has resulted in a 50% reduction of this infrastructure in the United States.



10. The future requires more cybersecurity professionals

The global shortage of cybersecurity and AI professionals can only be addressed through strategic partnerships between educational institutions, nonprofit organizations, governments, and businesses. Since AI may help relieve some of this burden, the development of AI skills is a top priority for company training strategies.



To learn more, explore the wealth of information in the Microsoft Digital Defense Report 2023, and gain valuable perspectives from the Executive and CISO Summary at Security Insider.
