10 essential insights from the Microsoft Digital Defense Report 2023
As a company committed to making the world a safer place, Microsoft has invested heavily in security research, innovation, and the global security community. We have access to a diverse range of security data which puts us in a unique position to understand the state of cybersecurity and to identify indicators that can help predict the next moves of attackers.
As part of our longstanding commitment to create a safer world, Microsoft’s investments in security research, innovation, and the global security community include:
The vast majority of successful cyberattacks could be thwarted by implementing a few fundamental security hygiene practices. Using the hyper-scale cloud makes it easier to implement them by either enabling them by default or abstracting the need for customers to implement them.
Fundamentals of cyber hygiene
Enable MFA: This protects against compromised user passwords and helps provide extra resilience for identities.
Apply Zero Trust principles: The cornerstone of any resilience plan is to limit the impact of an attack. These principles are: (1) Explicitly verify. Ensure users and devices are in a good state before allowing access to resources. (2) Use least privilege access. Allow only the privilege needed to access a resource and no more. (3) Assume breach. Assume system defenses have been breached and systems may be compromised. This means constantly monitoring the environment for possible attack.
Use extended detection and response (XDR) and antimalware: Implement software to detect and automatically block attacks and provide insights to the security operations software. Monitoring insights from threat detection systems is essential to being able to quickly respond to cyberthreats.
Keep up to date: Attackers take advantage of unpatched and out- of-date systems. Ensure all systems are kept up to date including firmware, the operating system, and applications.
Protect data: Knowing your important data, where it is located, and whether the right defenses are implemented is crucial to implementing appropriate protection.
Microsoft’s telemetry indicates an increased rate of ransomware attacks compared with last year, with human-operated ransomware attacks tripling since September 2022. Going forward, we expect ransomware operators will seek to leverage automation, AI, and hyperscale cloud systems to scale and maximize the effectiveness of their attacks.
The ransomware landscape
Ransomware elimination and the Foundational Five
- Modern authentication with phish-resistant credentials
- Least Privileged Access applied to the entire technology stack
- Threat- and risk-free environments
- Posture management for compliance and the health of devices, services, and assets
- Automatic cloud backup and file-syncing for user and business-critical data
Microsoft Entra data reveals a more than tenfold increase in attempted password attacks when compared with the same period from a year ago. One way to deter would-be attackers is to use non-phishable credentials such as Windows Hello for Business or FIDO keys.
Did you know?
Threat actors are adapting their social engineering techniques and use of technology to carry out more sophisticated and costly BEC attacks. Microsoft’s Digital Crimes Unit believes increased intelligence sharing across the public and private sectors will enable a faster and more impactful response to BEC.
Did you know?
Nation-state actors have increased the global scope of their cyber operations as part of information gathering. Organizations involved in critical infrastructure, education, and policymaking were among the most targeted, in line with many groups’ geopolitical goals and espionage-focused remits. Steps to detect possible espionage-related breaches include monitoring changes to mailboxes and permissions.
The most targeted nations by region* were:
Did you know?
Blizzard actor category
Russian state actors expanded their scope of activity beyond Ukraine to target Kyiv’s allies, principally NATO members.
Typhoon actor category
China’s expanded and sophisticated activities reflect its dual pursuits of global influence and intelligence collection. Its targets include US defense and critical infrastructure, South China Sea nations, and Belt and Road Initiative partners.
Sandstorm actor category
Iran has expanded its cyber activities to Africa, Latin America, and Asia. Leaning heavily into influence operations, it has pushed narratives that seek to foment Shi’ite unrest in Gulf Arab countries and counter the normalization of Arab-Israeli ties.
Sleet actor category
North Korea has increased the sophistication of its cyber operations in the last year, especially in cryptocurrency theft and supply chain attacks.
Did you know?
Attackers have increasingly targeted the highly vulnerability of information technology and operational technology (IT-OT), which can be difficult to defend. For example, of the 78% of internet of things (IoT) devices with known vulnerabilities on customer networks, 46% cannot be patched. A robust OT patch management system is therefore an essential component of cybersecurity strategy, while network monitoring in OT environments may help detect malicious activity.
Did you know?
AI can enhance cybersecurity by automating and augmenting cybersecurity tasks, enabling defenders to detect hidden patterns and behaviors. LLMs can contribute to threat intelligence; incident response and recovery; monitoring and detection; testing and validation; education; and security, governance, risk and compliance.
Microsoft’s researchers and applied scientists are exploring many scenarios for LLM application in cyber defense, such as:
Did you know?
As cyberthreats evolve, public-private collaboration will be key to improve collective knowledge, drive resilience, and inform mitigation guidance across the security ecosystem. For example, this year, Microsoft, Fortra LLC, and Health-ISAC worked together to reduce cybercriminal infrastructure for the illicit use of Cobalt Strike. This has resulted in a reduction of this infrastructure by 50% in the United States.
Did you know?
The global shortage of cybersecurity and AI professionals can only be addressed through strategic partnerships between educational institutions, nonprofit organizations, governments, and businesses. Since AI may help relieve some of this burden, the development of AI skills is a top priority for company training strategies.
Follow Microsoft Security