Although the incentive to destroy or steal money is eternal, cyberattacks today are once again driven primarily by espionage, Microsoft stated in its annual security report. According to the software company, artificial intelligence will become a critical element of successful defense in the years ahead, and cooperation between partners will play a similarly important role.
Intelligence-gathering and opinion-influencing cyberattacks backed by nation-states affected 120 countries in the past year. Within that, there were periods when half of the campaigns targeted NATO member countries, and more than 40 percent targeted governmental and commercial organizations that build and operate critical infrastructure. Although ransomware attacks launched with the aim of physical harm and financial gain often still receive more press coverage, the data show that malicious actors are once again more motivated by intelligence gathering, covert eavesdropping on communications and manipulation of public opinion, Tom Burt, vice president of Microsoft, pointed out in his blog post (Espionage fuels global cyberattacks). Burt presented the main findings of the security report at an international press conference before its publication.
The Microsoft Digital Defense Report provides a detailed overview of the state and trends of the global threat environment between July of last year and June of this year, the activities of nation-states and cybercriminals, and the evolution of cyber defense. The annual report, now published for the fourth time, draws on telemetry from Microsoft's various security and threat detection solutions, which collect more than 750 billion signals per second worldwide. This data stream is analyzed by more than 10,000 of the software company's security specialists using sophisticated data analysis tools and AI algorithms.
It is perhaps unsurprising that Russia is currently focusing on cyber espionage in support of its war against Ukraine, but the more than 130-page report also draws attention to more unexpected developments. These include China's attacks targeting its strategic partners, the countries participating in the One Belt One Road program, among them Malaysia, Indonesia and Kazakhstan, and North Korea's attempts to obtain Russian nuclear energy, defense and government information.
In its report, Microsoft also highlights that, in addition to other forms of cyberwarfare, nation-state-backed actors are increasingly using influence operations to spread propaganda. The manipulation of national and global public opinion is aimed at undermining democratic institutions in countries considered enemies, which is particularly dangerous during armed conflicts and national elections. Since the invasion of Ukraine, Russia has, for example, consistently coordinated its influence operations with its military and cyber attacks. After last year's presidential elections, Iran launched devastating cyberattacks against the Albanian government, accompanied by an influence campaign that has continued ever since.
Stealth blackmailers and MFA fatigue
Although various groups of cybercriminals have increased the intensity of their cyberattacks over the past year, the built-in protections of Microsoft products have blocked tens of billions of malware threats, thwarted 237 billion brute-force password attempts, and neutralized 619,000 distributed denial-of-service (DDoS) attacks, the software company stated in its report.
To preserve their anonymity and increase their efficiency, criminals try to hide their tracks with remote encryption and cloud-based tools such as virtual machines, but thanks to closer cooperation between the private and public sectors, they still end up in the net of law enforcement agencies more and more often. While some of the gangs working with ransomware, such as Target, have been dismantled and their members arrested and prosecuted, many other groups continue to look for the weak points through which they can most easily penetrate the systems of selected victims, which is why cyber defenses also need continuous development and reinforcement.
Based on Microsoft's telemetry data, the number of human-operated ransomware attacks has increased by 200 percent since last September. Unlike automated threats, these hands-on-keyboard attacks target the entire organization under attack with tailored demands. In the recent period, 60 percent of criminals minimized the footprint of their attacks with remote encryption, thereby making process-based prevention impossible.
Devices outside of corporate control, such as employee-owned (BYOD) devices, are particularly easy prey for this kind of attack: 80 percent of observed successful attacks involved unmanaged devices. Criminals working with ransomware are increasingly looking for vulnerabilities in less common software, which also makes it more difficult to predict and prevent attacks. The number of cases in which criminals stole data from their victims and threatened to make it public in order to force the payment of a ransom has also doubled since last November. Data theft can of course also serve to obtain user IDs and other valuable information, as well as cyber espionage.
A controversial cybercrime trend is the exploitation of the user fatigue that accompanies the spread of multifactor authentication (MFA). MFA, which asks for additional identifiers in addition to the password, reduces the risk of account or system compromise by 99.2 percent, making it one of the easiest and most effective protections for organizations to implement, but users may grow tired of the accumulating identifiers. Criminals take advantage of this and bombard them with MFA notifications until they finally give up and allow access. In the past year, Microsoft has observed around 6,000 such MFA exploits per day.
AI and collective defense
Attackers have already added artificial intelligence (AI) to their arsenal, using it, among other things, to fine-tune phishing emails, illustrate propaganda, and synthesize visual content spread by influencers. At the same time, AI is a key technology for successful cyber defense, strengthening and extending the capabilities of detection, response, analysis, prediction and automation in various areas of cybersecurity. Through large language models (LLMs), artificial intelligence also provides a dialogue-based user interface, draws attention in natural language to the correlations recognized by analyzing security data, and formulates suggestions for more effective protection, Microsoft pointed out in its report.
As AI reshapes society in many ways, responsible AI practices by vendors and users are critical to maintaining trust and privacy, as well as realizing opportunities and ensuring long-term benefits. Generative artificial intelligence models require the further development of cyber defense and of threat models that can be used to respond effectively to new challenges, such as the generation of text, image, video and audio content for misinformation, or of malicious code. The software company therefore develops all its AI products and services according to these principles, the report reads.
The scale and nature of the threats described in the pages of Microsoft's Digital Defense Report may seem daunting, but huge advances are being made on the technology front to defeat attackers, and strong partnerships are being formed that cross the boundaries between countries and industries, the private and public sectors, Tom Burt added in his blog post. The vice president of Microsoft also pointed out that 75 percent of citizens living in democratic countries who have the right to vote will have the opportunity to vote in the next year and a half. Preserving the security of elections and the strength of democratic institutions will therefore be one of the cornerstones of our collective cyber defense.