Microsoft on the Current State of Cybersecurity

Microsoft starts by breaking down the current economics of cybercrime. It covers the latest insights on ransomware, phishing, malware, malicious domains and more. From blockchain domains to adversarial machine learning, Microsoft gets you quickly up to date on the latest threat trends facing your business, with real-world examples from Microsoft’s own cybercrimes team.

You’ll also be able to explore additional resources and recommended reading material, including Microsoft’s wide range of cloud-based solutions and telemetry and Windows clients to help your organization with significant insights into traffic and trends.

The next major topic Microsoft tackles in this report are nation-state threats. This type of threat mainly targets government agencies, intergovernmental organizations (IGOs), nongovernmental organizations (NGOs) and national think tanks. The intent behind nation-state threats are to steal national intelligence information, disrupt another country’s operations and supply chains, or to cause chaos and instill a lack of confidence in national government.

Microsoft offers a review of its findings from the past three years, and from over 20,500 nation-state notifications and activities detected. It offers a comprehensive breakdown on the most targeted countries and sectors, along with the most common types of attacks and attack vectors.

With nation-state threat activity expected to only increase, Microsoft also outlines the type of architecture and security needed to protect your organizations. Zero Trust is seen as a priority that needs to be maintained and implemented.

Microsoft then delves into recent threats facing supply chains IoT and operational technology (OT.) IoT represents an emerging threat as more connected devices are appearing, and those devices are collecting and forwarding more and more information. OT represents a legacy threat from SCADA system attacks, but as operations seek to automate and monitor systems, new vulnerabilities are exposed as OT and IoT converge.

Supply chains are particularly vulnerable because they rely on trust and are often automated. Microsoft lays out nine supply chain workstreams into a framework to help organizations evaluate and mitigate your own potential risk. Microsoft reviews the U.S. Executive Order issued in May 2021, which specifically addresses supply chain security.

The report also includes a list of properties of highly secured devices as well as recommendations on how to apply a zero trust approach to IoT solutions. The chapter concludes with some alarming data on attack trends and passwords in use that Microsoft is seeing, including the use of “admin” as a password on IoT devices over 20 million times in a 45-day period.

Next, Microsoft reviews trends, vulnerabilities and threats related to hybrid workforce security.

Email continues to be a huge threat vector for malware and ransomware. Microsoft recommends its zero trust strategy as it applies to users and devices. This strategy incorporates technology pillars of identities, endpoints, applications, networks, infrastructure and data as control planes for enforcement and defense.

Using telemetry related to Azure AD, Microsoft sees 90 billion authentication requests and 50 million password attacks each day. While multifactor authentication (MFA) is an extremely effective defense, only 30 percent of administrators and 20 percent of users are using strong authentication. Enabling MFA, blocking legacy authentication and providing phishing protection are mentioned as three key defensive actions.

One major emerging threat is “granting consent”, where threat actors will trick users into granting permissions to a malicious application. Microsoft recommends that organizations evaluate applications they are looking to purchase or use to ensure those applications provide zero trust capabilities.

Distributed denial of service (DDoS) attacks continue to increase. Consider moving solutions to the cloud as Microsoft and others typically have robust DDoS defense tools in place that on-premises data centers will not.

Microsoft reports disinformation as one of the biggest emerging threats we face today. It refers to the deliberate use and spreading of false information in order to influence public opinion, damage the reputations of public figures, mislead consumers or influence the outcomes of major events, such as presidential election results.

Microsoft describes the threat posed by disinformation as “cognitive hacking.” While cyberattacks are used to disrupt digital systems, disinformation is used to disrupt democratic principles and institutions or to commit financial fraud.

The most common disinformation threats comes in the form of what Microsoft refers to as “Deepfakes.” Deepfakes are media files, manipulated by AI, to help undermine journalism and create a split in public trust over what news is real and what is a lie. One of the best examples of this is the current state of campaign and election security, which Microsoft has been working to improve and protect.

Within your own organization, disinformation can affect enterprise security by polluting the collection of information, sowing distrust and complicating IT investigations. Microsoft provides a four point plan for enterprise executives on how best to mitigate and contain these types of threats.

Microsoft’s threat report concludes with an overview on actionable cybersecurity insights. It outlines five paradigm shifts that are affecting cybersecurity.

• Increased digital empathy for users and their unique circumstances and abilities
  
  
• The Zero Trust Model as critically important to designing and managing organizational risk
  
  
• Diversity of data, to better understand threats in a broader context
  
  
• Cyber-resilence as a key to maintaining business continuity
  
  
• Integrated security tools can reduce costs and provide improved visibility into threats and attacks

Basic security hygiene still prevents 98 percent of all attacks. This includes enabling MFA, applying least privilege access, keeping systems up to date, using effective antimalware tools and being able to identify and protect your sensitive data.