Microsoft recently released its Digital Defense Report 2022, examining the current threat landscape, touching on the first "hybrid war" that is the Ukraine-Russia conflict, reviewing the current state of cybercrime, and identifying the characteristics needed to successfully defend against future threats.
The key takeaway? The scope and scale of digital threats are enormous, affecting all points of the globe. But there is hope, as vendors, governments, and the good guys in the security realm push to promote solid cyber defense practices to reduce the risk of cyberattacks.
An 11-page executive summary of the comprehensive, 114-page report is available. Microsoft shared some stats from the massive number of data points it reviewed between July 2021 and the end of June 2022:
- 43 trillion signals were synthesized daily, using sophisticated data analytics and AI algorithms
- More than 8,500 engineers, researchers, data scientists, cybersecurity experts, threat hunters, geopolitical analysts, investigators, and frontline responders were involved across 77 countries
- More than 15,000 partners in Microsoft's security ecosystem aided in increasing cyber resilience
- 37 billion email threats were blocked
- 34.7 billion identity threats were blocked
- 2.5 billion endpoint signals were analyzed daily
Unfortunately, for every email and identity threat that was blocked, there were those that made it through, causing disruption and monetary loss. And bad actors are getting more sophisticated in their approaches, or as Timothy Morris, Chief Security Advisor at Tanium, said, "adversaries will skate to where the puck is."
"Up until recently, stolen credentials were the leading attack vector entry—exploited vulnerabilities just surpassed stolen creds," Morris said. "It is unclear if better password policies, implementations of one-time passwords (OTP) or multi-factor authentication (MFA), reduced the quality of stolen creds, or if the increased quantity of exploitable vulnerabilities caused the shift."
Some key quotes from the executive summary:
- "Cybercriminals continue to act as sophisticated profit enterprises. Attackers are adapting and finding new ways to implement their techniques, increasing the complexity of how and where they host campaign operation infrastructure. At the same time, cybercriminals are becoming more frugal. To lower their overhead and boost the appearance of legitimacy, attackers are compromising business networks and devices to host phishing campaigns, malware, or even use their computing power to mine cryptocurrency."
- "The most effective defense against ransomware includes multifactor authentication, frequent security patches, and Zero Trust principles across network architecture."
- "Nation state actors are launching increasingly sophisticated cyberattacks to evade detection and further their strategic priorities. The advent of cyberweapon deployment in the hybrid war in Ukraine is the dawn of a new age of conflict."
- "Malware as a service has moved into large scale operations against exposed IoT and OT in infrastructure and utilities as well as corporate networks."
- "Attacks against remote management devices are on the rise, with more than 100 million attacks observed in May of 2022—a five-fold increase in the past year."
- "Nation states are increasingly using sophisticated influence operations to distribute propaganda and impact public opinion both domestically and internationally. These campaigns erode trust, increase polarization, and threaten democratic processes."
- "Russia, Iran, and China employed propaganda and influence campaigns throughout the COVID-19 pandemic often as a strategic device to achieve broader political objectives."
The report urges resiliency by cybersecurity professionals, which requires modernizing systems and architecture, particularly in today's hyper-connected world. Sadly, most cyberattacks could be prevented by employing basic security hygiene, the report states.
In addition, Microsoft points out that collaboration and cooperation are major factors in thwarting cyberattacks, and success will be due to a holistic, adaptive approach to protecting core services and infrastructure.