When one wants to get an overview of global cybersecurity developments and trends, few sources are as reliable as Microsoft Digital Defence Report. Everyone knows the strength and ubiquity of the US company. Still, not everyone knows that for its annual report on criminals and solutions to protect one’s data, Microsoft relies on an enormous amount of data, summarised as ‘65 trillion signals collected daily from its ecosystem‘, as stated by Tom Burt, Corporate Vice President, Customer Security & Trust at Microsoft.

From here, and thanks to the work of some ten thousand engineers and other industry experts, the latest report takes shape, which in 130 pages encompasses the analysis of cybercrime, the role of AI and the evolution of misinformation from July 2022 to June 2023. Significant highlights include increasing the global reach of attacks, changing techniques by nation-states with a tendency to steal information and monitor communications to manipulate the content people read, increasingly sophisticated ransomware attacks, and AI as a new threat and defence opportunity.

State attacks – Microsoft Digital Defence Report:

It is undoubtedly striking how attacks on NATO member states have increased, ultimately aimed at manipulating the political landscape and carrying out propaganda operations on public opinion. If last year Russia had been the protagonist with the attacks towards Ukraine, this time China, Iran and North Korea have been added, active in offensives to gather information and spy on countries deployed in support of their respective enemies. Looking at Europe, Ukraine remains the most targeted country with more than a third of the total attacks (33%), behind it is the United Kingdom (11%), then France and Poland (5), ahead of Italy (4%) and Germany (3%). Overall, 120 countries were attacked by cybercriminals.

The priority is to manipulate information

Another significant difference is the behaviour of those carrying out these attacks, which until last year were mainly motivated by the desire to gain or destroy data. Now, the primary goal of the attackers is to obtain information and control communications in order to conduct disinformation campaigns to influence people and undermine the credibility of rival democratic institutions. Microsoft specifies that an example in this sense is the Russian campaigns aimed at fuelling anti-war sentiments through friendly groups of ‘pacifists’ used to push Western governments to suspend or reduce military aid to Ukraine. A script repeated with China towards Taiwan and operations in Indonesia, Malaysia and the Philippines.

Upsurge towards MFA

The surge in identity attacks, particularly targeting Multi-Factor Authentication (MFA), also gives pause for thought. Regarded as one of the simplest and most effective forms of defence for any organisation, as it reduces the risk of a breach by 99.2%, MFA is exploited by cybercriminals with the hope of exhausting the recipient. By bombarding them with notifications, hackers aim to ride on the user’s tiredness or distraction, who thus accidentally ends up providing their data. The report’s figures speak for themselves: in the first three months of 2023 alone, fatigue MFA attempts rose from 3 billion to 30 billion per month, with an average of around 4,000 password attacks per second. Obviously, such a massive increase in attacks shows how many people fall victim to the trap.

The rise of ransomware and the importance of GenAI

The ransomware front remains hot, with companies reporting a 200% increase in manually operated attacks with customised ransom demands since September 2022. It should be noted that almost 70% of the victims of these attacks are companies with employees of less than 500. In comparison, 60% of cybercriminals who rely on ransomware tend to use remote encryption systems to reduce the signs of their presence. At the same time, Microsoft has verified a doubling of cases of potential data exfiltration after cyber criminals have compromised an environment. 

Finally, there is an extensive chapter on generative artificial intelligence, which has already become useful for criminals and corporate security managers. Hackers have long been using it to perfect phishing messages and to create better-defined texts and images that are difficult to recognise as fakes for propaganda operations. On the other hand, however, GenAI helps detect threats and automates a number of tasks (prediction of suspicious activity and data analysis), allowing experts to focus on other tasks.