Microsoft warns businesses to up their security game against these top threats


Microsoft has warned businesses that many still need to up their security protections in order to stay safe from some of the worst threats around right now.

The company has released its annual Microsoft Digital Defence Report (MDDR) for 2022, offering alarming data on threats such as identity theft, ransomware and phishing attacks that it has seen in the past year.

The report sheds light on a number of nebulous trends with no concrete solutions, such as ransomware-as-a-service replacing the concept of “gangs”, and influence operations spreading propaganda surrounding Covid-19 vaccines and the war in Ukraine.

Microsoft threat warnings

At a press briefing for the MDDR's launch, Tom Burt, Corporate Vice President, Customer Security & Trust at Microsoft, stated that although nothing in the report would be “unexpected”, all of the trends were “moving in the wrong direction”.

He also said it would be impossible for 2022’s MDDR to not focus on the Russia-Ukraine conflict, and rising aggression in the cyber activity of other nation states. 

Burt noted that the number of cyberattacks being launched by individual nation states to target critical infrastructure has doubled since last year, surging from 20% to 40%. 

“For example, actors from Iran [are] engaging in destructive attacks especially targeting Israel, and so the increasing willingness of nation state actors to use cyberweapons for destructive purposes is clearly a worrisome trend,” he said, while namechecking North Korea and China as other key aggressors.

This followed an earlier announcement that Microsoft would be extending its “vital”, free of charge technology support for Ukraine through 2023. 

Burt claimed that, since the Russia-Ukraine conflict began in February 2022, this support has involved giving several of its ministries a cloud backup presence and signing signatures for “seven or eight generations” of malware entering their systems. 

Burt also re-emphasized the report’s claims that the threat of ransomware continues to grow, and that perpetrators are becoming more brazen in attacking nation states. TechRadar Pro has reported on several ransomware campaigns targeting healthcare, government, and education organizations in the past, putting sensitive patient, citizen, and child data at risk.

But Microsoft notes that, in some cases, ransomware attacks can have even more damaging implications. The MDDR gives the example, among others, of Costa Rica being forced to declare a national emergency, after hospitals were shut down and tax collection was halted following a ransomware attack in May 2022.

The report explains that an increase in ransomware attacks can be linked to “ransomware-as-a-service” becoming the dominant model, making it even easier for threat actors to launch attacks as the barrier to entry is lowered to unskilled clientele who simply pay for access to existing tools.

Microsoft’s security advice

According to the data, 99% of all ransomware attacks attempt to tamper with discovered security and backup products using “OS-built tools”.

Microsoft also found that ransomware attacks continue to utilize compromised account data, such as passwords, to succeed. 75% of all attack signals used “acquired elevated compromised user accounts to spread malicious payloads”. The same percentage of attacks also used admin tools to succeed.

In a section titled “Cyber Resilience”, Microsoft claims that 100% of all attacks that it recorded used stolen credentials, including but not limited to passwords. 

It positions securing credentials using techniques such as multi-factor authentication (MFA) as one of the most important things an organization can do for its security posture.

Switching to new credential techniques can present its own security posture issues. The MDDR discusses “MFA fatigue”. Here, attackers with no access to a system repeatedly make account access requests, and rely on the real owners of those accounts growing frustrated and accepting the request so the notifications go away.

Microsoft notes that this can be thwarted via the adoption of non-intrusive authenticator apps that rely not on notifications but on temporary codes served via the app. These apps include Microsoft Authenticator, in addition to Google Authenticator and Twilio’s Authy, all of which are free.
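For organizations that still use push prompts, the MFA fatigue pattern described above can also be spotted in sign-in logs. The following is an added example, not code from Microsoft or the MDDR; the log format, the ten-minute window and the five-prompt threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample push-MFA log (hypothetical format): (timestamp, user, outcome)
SAMPLE_EVENTS = [
    ("2022-11-07T02:10:00", "alice", "denied"),
    ("2022-11-07T02:10:40", "alice", "timeout"),
    ("2022-11-07T02:11:15", "alice", "denied"),
    ("2022-11-07T02:12:05", "alice", "timeout"),
    ("2022-11-07T02:12:50", "alice", "denied"),
    ("2022-11-07T02:13:30", "alice", "approved"),  # gives in after the burst
    ("2022-11-07T09:00:00", "bob", "timeout"),     # ordinary missed prompt
    ("2022-11-07T09:00:30", "bob", "approved"),
    ("2022-11-07T08:00:00", "carol", "denied"),    # rejections spread over hours
    ("2022-11-07T11:00:00", "carol", "denied"),
    ("2022-11-07T14:00:00", "carol", "denied"),
]

def find_push_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Flag users with `threshold`+ denied/timed-out prompts inside `window`.

    Severity is "high" when an approval follows the burst, since that is the
    outcome the attacker is waiting for. Window and threshold are assumptions.
    """
    recent = defaultdict(deque)  # user -> times of recent rejected prompts
    alerts = {}
    for ts, user, outcome in sorted(events):
        now = datetime.fromisoformat(ts)
        q = recent[user]
        while q and now - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if outcome in ("denied", "timeout"):
            q.append(now)
            if len(q) >= threshold:
                alert = alerts.setdefault(
                    user, {"user": user, "rejected": 0, "severity": "medium"})
                alert["rejected"] = max(alert["rejected"], len(q))
        elif outcome == "approved":
            if len(q) >= threshold:
                alerts[user]["severity"] = "high"
            q.clear()  # a fresh approval ends the current burst
    return list(alerts.values())

if __name__ == "__main__":
    for alert in find_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

A high-severity alert is the case to act on first: the session granted by that approval should be revoked and the account's password reset, because the burst shows the password is already known to someone else.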

Zero Trust approach

Microsoft also uses this year's MDDR to advocate for a Zero Trust approach to security. Zero Trust environments assume that any employee in an organization can pose a threat, and the approach is fast becoming the cross-industry standard.

Beyond MFA, the company outlines other strong Zero Trust practices such as verifying users and devices before allowing access to resources, giving that access the minimum level of privilege required, and always assuming that systems have been breached, necessitating constant monitoring for attacks.

The MDDR claims that “basic security hygiene” protects against 98% of all attacks, so while Zero Trust is inconvenient, it is absolutely necessary for organizations in the modern age to survive.

Microsoft’s security services

Naturally, Microsoft’s own report also boasts of its ability to monitor threats, and how that makes it the company best positioned to offer solutions to counter them.

“We work to make sure that we’re providing advice to the readers, our customers and others on the internet as to the best steps that can be taken to protect against ongoing risks and those that represent new trends,” Burt said of the MDDR.

Microsoft suggests throughout the MDDR that organizations implement a number of its products into their tech stack to protect against and deal with threats, such as its Security Service Line for support throughout a ransomware attack, and Microsoft Defender for Endpoint for cloud-based protection.

Luke Hughes
Staff Writer

 Luke Hughes holds the role of Staff Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.
