2020 has brought about major disruptions to both our physical and digital worlds. It has also enabled unprecedented acceleration of digital transformation that will have long reaching and beneficial effects on how we work, where we work and what kind of work we do. Necessity has ignited our ingenuity to meet the challenges of today but unfortunately change brings opportunity for both defenders and attackers.
While we defenders continue to struggle to keep up with the pace and rate of transformation within our own organizations we must also deal with the fact that while the world has experienced an unprecedented degree of change, so too has the cyberthreat landscape.
This new report is a reimagining of the Microsoft Security Intelligence Report (SIR) which was first published in 2005 and provides greater contributions and deeper insights from Microsoft’s thousands of security experts across 77 countries.
- In 2019, Microsoft blocked more than 13 billion malicious and suspicious mails, out of which more than 1 billion were URL-based phishing threats
- Cybercriminals are shifting away from malware to phishing attacks (~70%) with the goal of harvesting user credentials
- 90% of attacks start with an email
- IoT threats are constantly expanding and evolving; in the first half of 2020, there was a nearly 35% increase in total attack volume compared to the second half of 2019
- After the onset of COVID-19 and the change to remote work, MFA-enablement request saw an approximate twofold increase. More than 99% of password spray attacks use legacy authentication protocols, more than 97% of credential stuffing attacks use legacy authentication.
Threat intelligence, whether operational or strategic in nature, is only useful when it provides the timely and relevant context needed to make informed decisions and thus take appropriate action to mitigate attacks. It should answer questions such as who is likely to attack you, what their motivations may be and what their capabilities are including current and relevant assessments of adversary tactics, techniques and procedures.
The Digital Defence Report focuses on threats that are most novel and relevant to the community and for this inaugural edition, looking at the data and signals across all contributing teams, three top-level areas proved to be most relevant: cybercrime, nation state threats, and the remote workforce.
In each area and from the research and intelligence described in the report, Microsoft security experts have also complied recommended actions and proactive approaches to mitigate current and emerging threats. These include proactive measures such as enabling multi-factor authentication (MFA), embracing passwordless authentication, modernizing VPN architectures, limiting access with least privilege monitoring cross-cloud security and leveraging machine learning to increase fidelity and reduce alert fatigue.
Of course, there is a great deal of threat activity we don’t see, some of which is reported on and shared by others in the industry. While the defender community at Microsoft works hard to identify threats and keep our customers informed, attackers are highly skilled, constantly evolving their tactics and relentless in their pursuits. By continually sharing insights that we and others in the industry derive from the work we do, we hope to empower everyone to defend the online ecosystem more effectively.
In this ever-evolving landscape, learn more about the trends shaping cyber security through Microsoft’s Digital Defence Report by registering for our December 9th webinar and join our afternoon cyber team podcasts exploring these areas with industry experts. Learn how Microsoft solutions can help you build a holistic cyber security strategy.