This year's report identified significant developments, some of which may sound familiar - such as the pressing need for more cyber defenders - and others that are newer.
The report is based on insights synthesized from 65 trillion daily signals by more than 10,000 security and threat intelligence experts across 135 million managed devices and over 15,000 security partners.
This data is also used to inform our security recommendations and mitigation strategies for customers year-round.
As we analyze this threat intelligence and look for more effective ways to counter adversaries at the speed of attack, artificial intelligence will be critical in tipping the scales back in favor of cyber defenders - enabling them to detect and respond to threats in near real time, upskilling them with alert prioritization and guidance, and bridging critical infrastructure gaps.
For AI to be effective, security teams must have all the insights and resources necessary to realize the full promise of this technology.
Human-Operated Ransomware Attacks Are Increasing
Human-operated ransomware attacks have increased by more than 200% since September 2022, and we expect this trend to continue as ransomware operators leverage automation, AI, and hyperscale cloud systems to scale and maximize the effectiveness of their attacks.
Of the 123 ransomware-as-a-service affiliates that Microsoft tracks, 60% of their attacks used remote encryption and 70% were directed against organizations with fewer than 500 employees.
Security posture management will be critical - both for compliance and the health of devices, services, and assets - and automatic cloud backup and file-syncing should be implemented for user and business-critical data.
Password-Based Attacks Increased Dramatically
Password attacks increased tenfold between April 2022 and April 2023, according to Microsoft Entra data.
This rise is likely due to porous security, as many organizations have not enabled multifactor authentication for their users.
This critical security gap leaves them vulnerable to phishing, credential stuffing, and brute-force attacks.
Business Email Compromise Is at an All-Time High
Similarly, BEC attacks are at an all-time high, with an average of 156,000 BEC attempts made every day from April 2022 to April 2023.
Increased intelligence sharing between the public and private sectors is one way to enable faster, more impactful BEC response.
As part of this effort, the Microsoft Digital Crimes Unit is actively tracking and monitoring 14 commercial sites that sell distributed denial-of-service offerings, including one situated in the Dark Web.
Nation-State Threats Are Expanding in Scope and Scale
Nation-state groups have increased the global scope of their cyber operations, targeting critical infrastructure, education, and policymaking organizations for geopolitical and espionage-focused reasons.
Although AI-generated profile pictures are a long-standing nation-state tactic, we believe groups will begin using more sophisticated AI tools to create multimedia content moving forward.
AI, LLMs Are Crucial Enablers of Cybersecurity
AI will be critical for enhancing and augmenting the work of cyber defenders by automating repetitive tasks and identifying hidden patterns and behaviors.
Large language models also have a role to play, contributing to threat intelligence, incident response and recovery, monitoring and detection, testing and validation, education, and security governance, risk, and compliance.
Microsoft's AI Red Team of interdisciplinary experts is helping build this future of safer AI. Our AI Red Team emulates the tactics, techniques, and procedures of real-world adversaries to identify risks, uncover blind spots, validate assumptions, and improve the overall security posture of AI systems.
As businesses navigate these complex risks and changing threats, the insights from the report outline a path forward for upleveling the whole of cyber defense.
This Cyber News was published on www.darkreading.com. Publication date: Wed, 20 Dec 2023 14:00:09 +0000