Microsoft have just released the latest Digital Defense Report, and the findings are not great. Microsoft produces the report annually, and this edition covers the period from July 2022 through to June 2023.

The results show few new issues; rather, the ones we already know about are simply getting worse.

Ransomware operators are shifting heavily toward hands on keyboard attacks, using living‑off‑the‑land techniques and remote encryption to conceal their tracks, and exfiltrating data to add pressure to their ransom demands. And cybercriminals are improving their ability to impersonate or compromise legitimate third parties, making it even harder for users to identify fraud until it’s too late.

The State of Cybercrime – Microsoft Digital Defense Report 2023

Key findings from the report

The report splits the results into multiple sections, but some key figures show that:

  • Ransomware
    • 80-90% of all successful ransomware attacks occur via unmanaged devices
    • 70% of organisations suffering human-operated ransomware have fewer than 500 employees
    • Password-based attacks are the most common way organisations get breached
    • Human-operated ransomware attacks increased by more than 200%
  • Nation-state
    • Nation-state attacks have moved from destructive attacks to espionage
    • Russian state-sponsored attacks use a diverse set of methods to target NATO member states
    • Russian threat groups use influence tactics to sow distrust against Ukrainians
    • Chinese cyber-attackers carry out some of the most sophisticated attacks
    • North Korean attackers favour supply chain attacks via known supply chain compromises
    • Iranian cyber attacks leverage cloud technologies, and are the quickest to utilise new vulnerabilities
    • 41% of threat notifications sent by MS to customers went to CNI organisations
  • IoT
    • Of the 78% of IoT devices with known vulnerabilities, 46% cannot be patched
    • 25% of IoT devices on customer networks use unsupported systems
    • Attacks against open source software have increased by 742% since 2019
    • 57% of devices using legacy software have over 10 known vulnerabilities
  • General
    • 17% of attacks utilised known Remote Management and Monitoring (RMM) tools
    • Phishing campaigns increase in sophistication
    • 90% of phishing campaigns involve social engineering
    • 156,000 Business Email Compromise (BEC) attacks seen daily
    • 4,000 password attacks blocked every second by MS systems (30B per month)
    • 6,000 MFA fatigue attacks seen per day
    • MS observed 158 million cases of user password reuse in June 2023
    • 1,700 DDoS attacks per day mitigated
    • 20% increase in DDoS-for-hire services

Privileged position

Microsoft are in a very privileged position to produce an accurate view of the world of cyber attacks due to the sheer amount of data they receive.

10,000 security experts analyze over 65 trillion signals each day with the help of AI, and Microsoft Threat Intelligence teams track hundreds of threat actor groups worldwide. The Microsoft security ecosystem includes more than 15,000 security partners with specialized solutions, while the global open community of security researchers and testers contribute to bug bounties and security challenges.

Microsoft's unique vantage point for cyber security research

Must do better

The report highlights that 99% of the issues faced by companies can be mitigated by well-established cyber-hygiene processes.

  1. Enable Multi-factor authentication (MFA)
  2. Apply principles of Zero-Trust
  3. Use Extended Detection and Response (XDR) and antimalware
  4. Keep systems up to date
  5. Protect data everywhere

The report also highlights that the cyber security industry as a whole is fragmented, and that not enough collaboration is happening to let experts fully utilise the vast amount of data available to improve security on a global scale.

The report hopes that the new Cybercrime Atlas will maximize global data collection while ensuring intelligence is thoroughly cleansed, enriched, and vetted by experts from diverse industries.

The Cybercrime Atlas is an initiative from the World Economic Forum (WEF) to map activities of cybercriminals and create a database that can be used by law enforcement across the world to disrupt the cyber-criminal ecosystem.

The Cybercrime Atlas officially launched in February 2023 in a partnership between WEF and Banco Santander, Fortinet, Microsoft, and PayPal.

All the information collected is investigated to find the single source of truth, cull the noise and produce human-verified intelligence.

The aim is to build a comprehensive picture of the cybercrime landscape covering criminal operations, shared infrastructure, and networks.