5 Essential Insights from the Microsoft Digital Defense Report 2023

This year's report identified significant developments, some of which may sound familiar - such as the pressing need for more cyber defenders - and others that are newer.
The report is based on insights synthesized from 65 trillion daily signals by more than 10,000 security and threat intelligence experts across 135 million managed devices and over 15,000 security partners.
This data is also used to inform our security recommendations and mitigation strategies for customers year-round.
As we analyze this threat intelligence and look for more effective ways to counter adversaries at the speed of attack, artificial intelligence will be critical in tipping the scales back in favor of cyber defenders - enabling them to detect and respond to threats in near real time, upskilling them with alert prioritization and guidance, and bridging critical infrastructure gaps.
For AI to be effective, security teams must have all the insights and resources necessary to realize the full promise of this technology.
Human-Operated Ransomware Attacks Are Increasing Human-operated ransomware attacks have increased by more than 200% since September 2022, and we expect this trend to continue as ransomware operators leverage automation, AI, and hyperscale cloud systems to scale and maximize the effectiveness of their attacks.
Of the 123 ransomware-as-a-service affiliates that Microsoft tracks, 60% of their attacks used remote encryption and 70% were directed against organizations with fewer than 500 employees.
Security posture management will be critical - both for compliance and the health of devices, services, and assets - and automatic cloud backup and file-syncing should be implemented for user and business-critical data.
Password-Based Attacks Increased Dramatically Password attacks increased tenfold between April 2022 and April 2023, according to Microsoft Entra data.
This rise is likely due to porous security, as many organizations have not enabled multifactor authentication for their users.
This critical security gap leaves them vulnerable to phishing, credential stuffing, and brute-force attacks.
Business Email Compromise Is at an All-Time High Similarly, BEC attacks are at an all-time high, with an average of 156,000 BEC attempts made every day from April 2022 to April 2023.
Increased intelligence sharing between the public and private sectors is one way to enable faster, more impactful BEC response.
As part of this effort, the Microsoft Digital Crimes Unit is actively tracking and monitoring 14 commercial sites that sell distributed denial-of-service offerings, including one situated in the Dark Web.
Nation-State Threats Are Expanding in Scope and Scale Nation-state groups have increased the global scope of their cyber operations, targeting critical infrastructure, education, and policymaking organizations for geopolitical and espionage-focused reasons.
Although AI-generated profile pictures are a long-standing nation-state tactic, we believe groups will begin using more sophisticated AI tools to create multimedia content moving forward.
AI, LLMs Are Crucial Enablers of Cybersecurity AI will be critical for enhancing and augmenting the work of cyber defenders by automating repetitive tasks and identifying hidden patterns and behaviors.
Large language models also have a role to play, contributing to threat intelligence, incident response and recovery, monitoring and detection, testing and validation, education, and security governance, risk, and compliance.
Microsoft's AI Red Team of interdisciplinary experts is helping build this future of safer AI. Our AI Red Team emulates the tactics, techniques, and procedures of real-world adversaries to identify risks, uncover blind spots, validate assumptions, and improve the overall security posture of AI systems.
As businesses navigate these complex risks and changing threats, the insights from the report outline a path forward for upleveling the whole of cyber defense.


This Cyber News was published on www.darkreading.com. Publication date: Wed, 20 Dec 2023 14:00:09 +0000


Cyber News related to 5 Essential Insights from the Microsoft Digital Defense Report 2023

Teaching Digital Ethics: Navigating the Digital Age - In today's digital age, where technology permeates every aspect of our lives, the need for ethical behavior in the digital realm has become increasingly crucial. This article explores the significance of digital ethics education in our society and ...
1 year ago Securityzap.com
Digital Citizenship Lessons for Students - This article aims to emphasize the significance of digital citizenship lessons for students, focusing on three key aspects: the definition and scope of digital citizenship, online etiquette, and safe online behavior. By equipping students with ...
1 year ago Securityzap.com
Building a Culture of Digital Responsibility in Schools - In today's technologically-driven world, schools have a critical role in cultivating a culture of digital responsibility among students. Promoting digital responsibility involves educating students about the potential risks and consequences ...
1 year ago Securityzap.com
Strengthening Cybersecurity: The Role of Digital Certificates and PKI in Authentication - Data protection remains integral in our wide digital world. This has been possible because of the increasing awareness amidst enterprises, small and large, across industries on the paramount need for the protection of sensitive data, securing digital ...
1 year ago Feeds.dzone.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Understanding Device and Infrastructure Attack Risks: Exploring the Microsoft Digital Defense 2022 Report - Organizations need to be prepared to anticipate, preempt, and respond to device and infrastructure threats to stay ahead of cybercriminals. Microsoft’s Digital Defense Report 2022 provides a critical overview of the key threats, vulnerabilities, ...
2 years ago Csoonline.com
What a Digital ID Means to How Australians Interact With Businesses Online - Australia is about to get a national online ID system - the Digital ID - which promises to improve the security and privacy of data online. In just a few months, Australians will have access to a new form of ID, which aims to make identification ...
1 year ago Techrepublic.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Does Your App Accept Digital Wallets? - Digital wallets are electronic systems that securely store payment information digitally. Digital wallets are designed for convenience and often include security features to protect your financial data. How Digital Wallets Function Digital wallets ...
1 year ago Feeds.dzone.com
Nation-State Threats and the Rise of Cyber Mercenaries: Exploring the Microsoft Digital Defense Report - To illuminate the evolving digital threat landscape and help the cyber community understand today's most pressing threats, we released our annual Microsoft Digital Defense Report. This year's report focuses on five key topics: cybercrime, ...
2 years ago Csoonline.com POLONIUM
Teaching Digital Literacy and Online Safety - It is crucial for educators to prioritize teaching online safety to ensure that students are equipped with the necessary skills to protect themselves online. This article aims to explore the importance of teaching digital literacy and online safety, ...
1 year ago Securityzap.com
Third Of European Businesses Have Adopted AI, AWS - AWS finds AI already adopted at sizeable number of European businesses, resulting in increased revenues, productivity. An insight into the adoption rate of artificial intelligence within the business community has been offered in a new report from ...
1 year ago Silicon.co.uk
Digital Forensics In 2025: How CSOs Can Lead Effective Investigations - Digital forensics now encompasses a broad spectrum of investigative techniques and methodologies used to extract, preserve, and analyze data from computers, smartphones, servers, cloud platforms, and a wide array of Internet of Things (IoT) devices. ...
1 month ago Cybersecuritynews.com
Ransomware Attacks Strike South Africa, Decline in UAE - Cybercrime - and especially ransomware - traditionally have had an uneven impact across the Middle East and Africa, yet recent data suggests that ongoing geopolitical conflicts will likely raise the overall level of cyberattacks across the regions. ...
1 year ago Darkreading.com Molerats LockBit
A Deep Dive Into How Digital Pound Can Menace Financial Stability - The UK's expedition into releasing a digital pound has triggered a strong debate among policymakers and finance experts. The House of Commons Treasury Committee has shown concerns, cautioning that bringing a central bank digital currency in the UK ...
1 year ago Cysecurity.news
15 PostgreSQL Monitoring Tools - 2025 - What is Good?What Could Be Better?Monitoring application performance, user experience, and errors.Some users find the pricing high, especially for larger environments.Continuous server, database, and infrastructure monitoring.The extensive feature ...
1 month ago Cybersecuritynews.com
Microsoft SFI progress report elicits cautious optimism | TechTarget - "After a year, it looks like Microsoft has made some smart and substantive initial progress in elevating security across the whole organization: investment in security-focused head count, inclusion of security into performance reports across the ...
7 months ago Techtarget.com
5 Essential Insights from the Microsoft Digital Defense Report 2023 - This year's report identified significant developments, some of which may sound familiar - such as the pressing need for more cyber defenders - and others that are newer. The report is based on insights synthesized from 65 trillion daily signals by ...
1 year ago Darkreading.com
New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
1 year ago Microsoft.com
Digital ID adoption: Implementation and security concerns - As digital transformation accelerates, understanding how businesses are preparing for and implementing digital ID technologies is crucial for staying ahead in security and efficiency, according to Regula. The role of digital identity in efficiency ...
1 year ago Helpnetsecurity.com
Microsoft Boosts MSA Signing Service Security on Azure Following Storm-0558 Breach - “We have applied new defense-in-depth protections, migrated the Microsoft Account (MSA) signing service to run on Azure confidential VMs, and we are migrating the Entra ID signing service to Azure confidential VMs,” states the report, ...
1 month ago Cybersecuritynews.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com
Navigating Microsoft's Innovations For 2023: Get Up to Date With The Latest Developments - In the world of digital technology, staying up-to-date with the latest advancements and innovations is becoming increasingly important. As one of the leading technology companies in the world, Microsoft is constantly introducing new innovations in ...
2 years ago Hackread.com
Online safety laws: What's in store for children's digital playgrounds? - As children's safety and privacy online becomes a matter of increasing urgency, lawmakers around the world push ahead on new regulations in the digital realm. Tomorrow is Safer Internet Day, an annual awareness campaign that started in Europe in 2004 ...
2 years ago Welivesecurity.com
​​Microsoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024 - With these security concerns top of mind, there is no surprise that in the last five years, the Modern Endpoint Security market has nearly tripled in size to defend against emerging, sophisticated, and persistent threats. Microsoft Defender for ...
1 year ago Techcommunity.microsoft.com