Microsoft has warned companies that many still need to improve their security measures to protect themselves against some of the worst threats out there today.
The company has released its annual Microsoft Digital Defense Report (MDDR) for 2022, which contains alarming data on threats such as identity theft, ransomware and phishing attacks it has seen in the past year.
The report sheds light on some vague trends with no concrete solutions, such as ransomware-as-a-service replacing the concept of “gangs” and influence operations spreading propaganda around Covid-19 vaccines and the war in Ukraine.
Microsoft Threat Alerts
Speaking at a press conference for the launch of the MDDR, Tom Burt, Corporate Vice President, Customer Security & Trust at Microsoft, stated that while nothing in the report would be “unexpected,” all trends are “going in the wrong direction.”
He also said it would be impossible for the 2022 MDDR not to focus on the conflict between Russia and Ukraine and the increasing aggression in the cyberactivity of other nation-states.
“For example, actors from Iran [are] involved in destructive attacks, particularly targeting Israel, and so the increasing willingness of nation-state actors to use cyberweapons for destructive purposes is clearly a worrying trend,” said Burt.
This followed an earlier announcement that Microsoft would extend its “vital”, free technology support for Ukraine until 2023.
Burt claimed that since the conflict between Russia and Ukraine began in February 2022, this support has meant that several of Ukraine’s ministries have a cloud backup presence and signatures for “seven or eight generations” of malware entering their systems.
Burt also highlighted the report’s claims that the threat of ransomware continues to grow and that perpetrators are becoming more brutal in attacking nation-states. BingoTingo Pro has previously reported on various ransomware campaigns targeting healthcare, government, and education organizations, putting sensitive patient, citizen and child data at risk.
But Microsoft notes that in some cases, ransomware attacks can have even more damaging consequences. The MDDR cites the example of Costa Rica being forced to declare a national emergency after hospitals were closed and tax collection halted following a ransomware attack in May 2022.
The report explains that an increase in ransomware attacks can be linked to “ransomware-as-a-service” becoming the dominant model, making it even easier for threat actors to launch attacks, as the barrier to access is reduced for unskilled customers who simply pay to access existing tools.
Security Advisory from Microsoft
According to the data, 99% of all ransomware attacks attempt to tamper with discovered security and backup products using “operating system built tools”.
Microsoft also discovered that ransomware attacks still rely on compromised account data, such as passwords, to succeed. 75% of all attack signals used “acquired elevated compromised user accounts to distribute malicious payloads”. The same percentage of attacks also used admin tools to succeed.
In a section titled “Cyber Resilience,” Microsoft claims that 100% of all attacks it recorded used stolen credentials, including but not limited to passwords.
It positions securing credentials using techniques such as multi-factor authentication (MFA) as one of the most important things an organization can do for its security posture.
Switching to new authentication techniques can present its own security issues. The MDDR discusses “MFA fatigue”. Here, attackers without access to a system make repeated account access requests and rely on the real owners of those accounts to get frustrated and accept the request, so the notifications disappear.
Microsoft notes that this can be thwarted by using non-intrusive authenticator apps that rely not on notifications but on temporary codes served through the app. These apps include Microsoft Authenticator, in addition to Google Authenticator and Twilio’s Authy, all of which are free.
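The request pattern behind MFA fatigue can also be watched for in sign-in telemetry. The sketch below is an added example, not taken from the MDDR or any Microsoft product; the event fields, result values, 10-minute window and threshold of five are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (timestamp, user, push result).
SAMPLE_EVENTS = [
    ("2022-11-01T09:00:05", "alice", "denied"),
    ("2022-11-01T09:00:40", "alice", "timeout"),
    ("2022-11-01T09:01:10", "alice", "denied"),
    ("2022-11-01T09:02:00", "alice", "timeout"),
    ("2022-11-01T09:02:30", "alice", "denied"),
    ("2022-11-01T09:03:15", "alice", "timeout"),
    ("2022-11-01T09:03:50", "alice", "approved"),  # owner gives in
    ("2022-11-01T09:10:00", "bob", "timeout"),     # ordinary missed prompt
    ("2022-11-01T09:10:20", "bob", "approved"),
    ("2022-11-01T08:00:00", "carol", "denied"),    # spread out, no burst
    ("2022-11-01T12:00:00", "carol", "denied"),
    ("2022-11-01T16:00:00", "carol", "denied"),
]

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed number of rejected pushes that counts as a burst

def detect_mfa_fatigue(events, window=WINDOW, threshold=THRESHOLD):
    """Return (user, timestamp, kind) alerts for bursts of rejected MFA pushes.

    'push_burst' fires when the threshold is reached inside the window;
    'approved_after_burst' fires when an approval follows such a burst.
    """
    by_user = defaultdict(list)
    for ts, user, result in events:
        by_user[user].append((datetime.fromisoformat(ts), result))

    alerts = []
    for user, rows in by_user.items():
        rows.sort()
        recent = []  # rejected or ignored pushes still inside the window
        for ts, result in rows:
            recent = [t for t in recent if ts - t <= window]
            if result in ("denied", "timeout"):
                recent.append(ts)
                if len(recent) == threshold:
                    alerts.append((user, ts.isoformat(), "push_burst"))
            elif result == "approved":
                if len(recent) >= threshold:
                    alerts.append((user, ts.isoformat(), "approved_after_burst"))
                recent = []  # a successful sign-in starts a new sequence
    return alerts
```

An `approved_after_burst` alert is the case worth treating as a likely account takeover, since the approval came only after the owner had rejected or ignored a run of prompts.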
Zero Trust approach
Microsoft is also using this year’s MDDR to advocate for a Zero Trust approach to security. Zero Trust environments assume that every employee in an organization can pose a threat and are fast becoming the cross-industry standard.
In addition to MFA, the company outlines other strong Zero Trust practices, such as authenticating users and devices before granting access to resources, granting access with the minimum privilege required, and always assuming systems have been compromised, necessitating constant monitoring for attacks.
The MDDR claims that “basic security hygiene” protects against 98% of all attacks, so while Zero Trust is inconvenient, it is imperative for organizations in the modern age to survive.
Microsoft Security Services
Of course, Microsoft’s own report also shows off its own capability to monitor threats, and how that positions it as the company best positioned to provide solutions to counter them.
“We are working to ensure that we are advising readers, our customers and others on the Internet about the best steps to take to protect against lingering risks and risks that represent emerging trends,” Burt said of the MDDR.
Microsoft suggests throughout the MDDR that organizations implement some of its products in their tech stack to protect against and deal with threats, such as the Security Service Line for support during a ransomware attack, and Microsoft Defender for Endpoint for cloud-based protection.