Just last month, Microsoft released their Digital Defense Report, an exhaustive digital threat report that chronicles some of the biggest trends and threats for the year. This year, Microsoft placed heavy emphasis on state actors, covering the actions of nation state actors, cyber influence operations, and the defense of critical digital infrastructure. The other big topic this year was Microsoft’s dedication to Cyber Resilience and the critical importance of basic cybersecurity hygiene.
Today, we want to break the report down into the 5 most important things to come out of it.
The State of Cybercrime
Surprising no one, cybercriminals have continued to evolve the complexity, scale, and effectiveness of their operations. Microsoft notes that cybercrime has continued to rise as the development of pre-packaged cyber attacks lowers the barrier to entry and the upfront costs associated with setting up malware campaigns. Further, Microsoft notes that attackers are increasingly relying on extortion to extract payment from their victims, using the threat of disclosing sensitive information to encourage ransom payments. This isn’t exactly breaking news for the many information security professionals who are plugged into recent trends in cybercrime, but it points to an increased level of sophistication in target selection, data exfiltration, and organization among cybercriminals.
Nation State Threats, Critical Infrastructure, and Cyber Influence Operations
With the ongoing conflict in Ukraine, it is not surprising that the actions of state actors featured prominently in the report. Microsoft found that nation state actors are launching increasingly sophisticated cyberattacks that better evade detection, particularly with the utilization of cyberweapons in the early stages of the Ukraine conflict. Microsoft notes that, in response to cyberattacks targeting Ukrainian IT infrastructure, many Ukrainian organizations rapidly transitioned their on-premises workloads into cloud service providers hosted outside of Ukraine.
Nation state actors have been particularly active in targeting critical infrastructure in the financial services, transportation, and communications industries. In particular, state actors have been ramping up efforts in rapid exploitation of newly identified vulnerabilities, cutting down vulnerability exploitation time to 14 days after public vulnerability disclosure. IT supply chains proved to be a tempting target for state actors as well: they look to compromise upstream software providers in order to distribute their malware to any organization that receives the tainted update.
Unsurprisingly, another key pillar of Microsoft’s Digital Defense Report is the increased use of cyber influence operations to shape public opinion, discredit adversaries, and promote discord. Microsoft found that nation states are increasingly using sophisticated influence operations to shape public opinion in ways that erode trust, increase polarization, and threaten democratic processes. Russia, Iran, and China are particularly noteworthy to Microsoft for their use of propaganda and synthetic influence campaigns to advance their own strategic geopolitical objectives. These influence campaigns are often spread with synthetic media across social media networks, but they are not restricted solely to social media; Microsoft found that campaign operators used traditional media in tandem with social media to dramatically increase the efficiency and efficacy of their campaigns.
Cyber Resilience & Hygiene
Perhaps the most impactful thing that Microsoft highlighted, however, is the idea that basic cybersecurity hygiene still protects against 98% of all cyberattacks. To us, that is a staggering statistic. When talking about cyber resiliency and cyber hygiene, it’s easy to take the basics for granted. We’ve talked previously about cyber resiliency, and our conclusions align closely with Microsoft here. When it comes to reducing risk, the biggest step you can take is to nail down the basics as best you can. Complex state-sponsored actors and criminal ransomware gangs get all of the headlines, but more often than not the attacks that do the most harm take advantage of neglected basic security principles. It doesn’t matter how many tools are in your tool stack, how vast your cybersecurity budget is, or how many people are on the security team if fundamental cyber hygiene isn’t down pat. As we discussed before, Cybersecurity Performance Management (CPM) is the best way for organizations to gain visibility, drive maturity, reduce risk, and keep cyber insurance premiums in check.
Microsoft’s Digital Defense Report is a great insight into the biggest threats companies have faced and will continue to face. It’s applicable to organizations of all sizes, from your 20-employee MSSP to your Netflix or Amazon. While the report largely focuses on risks that primarily affect industry titans who are frequently the target of state actors, the report goes to great lengths to incorporate practical ideas that small and mid-sized businesses can utilize to better protect themselves.