
Jasco Blog

Digital Defense Report

A summary of the latest trends and insights on cybersecurity from Microsoft

As the digital world becomes more complex and interconnected, so do the cybersecurity threats and challenges that we face. In this blog post, we take a look at Microsoft’s annual Digital Defense Report, which presents a comprehensive analysis of the current state of cybersecurity, based on data and insights from Microsoft’s security experts and solutions.

The Digital Defense Report 2023 covers the period from July 2022 through June 2023, and weighs in at a substantial 131 pages. If you’re going to try to get through it in detail in one sitting, then I’d suggest a good cup of tea and snacks to help you get through.

Fortunately, Microsoft also provide a 13-page executive summary of the report, sharing from Microsoft’s unique vantage point of more than 10,000 security experts who analyze over 65 trillion signals each day with the help of AI, and Microsoft Threat Intelligence teams who track hundreds of threat actor groups worldwide.

As with previous reports, Microsoft not only provide substantial cybersecurity information, but also provide “actionable insights” throughout the document to help you understand what you can do in your own environments to better protect against threats.

In this blog post, I will highlight some of the key findings and recommendations from the report, and how you can protect yourself and your organization from cyberattacks.

How to protect against 99% of attacks

One of the main messages of the report is that basic security hygiene can prevent or mitigate 99% of the attacks that Microsoft observes. 

This includes keeping your software and devices updated, using strong and unique passwords, enabling multi-factor authentication, and using a reputable antivirus solution. Microsoft also recommends using its cloud-based services, such as Microsoft 365 and Azure, which offer built-in security features and capabilities that can help you defend against the most sophisticated threats.

Actionable insights to reduce ransomware, phishing, and Business Email Compromise

These are three areas of particular concern for me: they can be incredibly impactful to a business, and they can be some of the hardest to prevent.

Ransomware

Let’s look at some of the stats relating to ransomware provided in the report that Microsoft have observed.

  • 80-90% of all successful ransomware compromises originate through unmanaged devices.
  • 70% of organizations encountering human-operated ransomware had fewer than 500 employees.
  • Human-operated ransomware attacks are up more than 200%.

What I found really interesting is that ransomware isn’t just aimed at large organizations. There is a real risk of ransomware impacting smaller environments. As mentioned earlier, Microsoft not only provides detail on the “threat landscape” in the Digital Defense Report, but also provides helpful “actionable insights”.

For ransomware: Implement a backup and recovery strategy, segment your network, limit privileged accounts, monitor for suspicious activity, and use Microsoft Defender for Endpoint and Microsoft Defender for Office 365 to detect and block ransomware attacks.

Phishing

In the report, Microsoft talks about phishing campaigns continuing to improve in sophistication, including leveraging genuine services or websites and tailoring phishing links for individual users. Some of these attack types relate to:

  • Emails sent from trusted third parties – Attackers send phishing emails to all the contacts of their victims
  • Emails with legitimate URLs – Attackers host phishing URLs on legitimate cloud service providers such as Adobe, Dropbox, Google, and Microsoft
  • OAuth device code phishing – The attacker generates a user code, then creates a phishing email with it and a link to provide the code

Microsoft observed that over 90 percent of phishing attacks involve social engineering, making this a more difficult problem to tackle. The actionable insights from Microsoft are:

  • Shift phishing training programs away from being compliance oriented to more proactive, behavior change focused. 
  • Develop tailored and context-aware education models that treat users as distinct individuals and can be implemented at scale. 
  • Teach users that reporting phishing email is a gold standard behavior in protecting their enterprise. 
  • Treat phishing education programs as part of a broader Zero Trust organizational resiliency strategy.

Business Email Compromise

Business Email Compromise, or BEC, is frequently carried out when an attacker compromises legitimate business email accounts through social engineering or other computer access techniques to complete unauthorized funds transfers to accounts under their own control.

In the report, Microsoft noted that these types of attacks have increased to over 156,000 daily attacks. Below we can see some of the commonly used attack types that we need to look out for.

  • Direct Email Compromise – compromised email accounts are used to socially convince people in accounting roles to send funds to the attacker’s bank account or change payment information for an existing account.
  • Vendor Email Compromise – social engineering of an existing supplier relationship by hijacking a payment-related email, then impersonating company employees to convince a supplier to redirect outstanding payment to a different bank account.
  • False Invoice Scam – a mass social engineering scam that exploits well-known business brands to convince companies to pay fake invoices.

The report suggests measures such as the below to avoid these types of attacks:

  • For BEC: Verify the identity and legitimacy of email senders, especially if they request sensitive information or money transfers.
  • Use Microsoft Defender for Office 365 to flag and investigate anomalous or spoofed emails.
  • Use Microsoft Cloud App Security to monitor and control the use of cloud applications.

How Microsoft is defending with AI

The Digital Defense Report also highlights how Microsoft is using artificial intelligence (AI) to enhance its security capabilities and solutions, and to cope with the enormous amount of security data and innovation required to stay ahead of attackers. Microsoft uses AI to:

  • Analyze billions of signals and data points from multiple sources and sensors, and correlate them to identify patterns and anomalies.
  • Automate the detection and response of security incidents, and provide contextual and actionable insights to security teams and users.
  • Enhance the protection and resilience of Microsoft’s cloud infrastructure and services, and enable customers to benefit from the scale and speed of the cloud.
  • Innovate and develop new security features and capabilities, such as Microsoft Defender for Identity, Microsoft 365 Defender, and Azure Sentinel.

Summary

The Digital Defense Report contains a wealth of information, more than I can comfortably summarize in this post, spanning The State of Cybercrime, Nation State Threats, Critical Cybersecurity Challenges, Innovations for Security and Resilience, and Collective Defense. There are more detailed sections on identity attacks, MFA fatigue, and token replay, all with actionable insights, and on the importance of MFA on VPN networks, that are well worth a read.

I hope that this blog post has given you a glimpse of the valuable information and insights that the Digital Defense Report 2023 offers. I encourage you to read the full report or the summary to learn more about the current state of cybersecurity, and how Microsoft can help you protect yourself and your organization from cyberattacks. 

You can download the Digital Defense Report from Microsoft Digital Defense Report 2023 (MDDR) | Microsoft Security Insider.
