Illuminating the threat landscape and empowering a digital defense.
From the state of cybercrime to a part focusing on Nation-state threats and how general exposure of devices and infrastructure are been leveraged by TAs and the focus of foreign entities driving cross-border cyber influence operations to what can be done to stay cyber resilience amidst all of this chaos. Here are the major highlights of the 114 pages report of Microsoft Digital Defense Report 2022 with actionable insights for stakeholders, business decision-makers, and security operations teams.
The State of Cybercrime
In recent times, cyberspace has improved its defense as a result of Public and Private Organizations enforcing proactive Countermeasures to protect it. However, TAs with their unending attack TTPs have devised two approaches to gain initial access into systems – one approach is to launch a campaign with wider targets that rely on volume. The second approach uses surveillance and precise targeting to increase the rate of return. These Threat Actors’ [TAs] objectives are not financially motivated – such as Nation State actions for political objectives, both the random and targeted are utilized. Cybercriminals have continued to leverage social engineering and exploitation of topical situations to increase the success of their attacks in this concluding year – an example is the increased phishing email soliciting donations to support citizens of Ukraine.
They (TAs) have also resorted to compromising businesses to host phishing campaigns, malware, crypto-miners etc. to look legitimate on the network and lower the cost of operations.
As a result of the Russian invasion of Ukraine, Hacktivism has gained prominence as several people now engage in cyber-attacks majorly for social and political objectives. Some of the attacks include website defacement, stolen data leakages etc. However, it is unlikely to predict an end to this campaign even when the Russia-Ukraine war ends
Organizations must always review and strengthen their security controls and strategies to be resilient. The Digital Crimes Unit (DCU) have investigated and ceased infrastructures used by cybercriminals over the years and has drafted proactive measures organizations can take to protect themselves and cyberspace at large against the ever-evolving cybercrimes.
As organizations improve their security posture, adversaries have also adapted and sophisticated their attack TTPs by utilizing automation, cloud infrastructure and remote access technologies to increase their attack boundaries. These new approaches have resulted in large-scale attacks, especially in the corporate supply chain. TAs developed new ways to rapidly exploit unpatched vulnerabilities, and network compromise by leveraging open source and other legitimate software to ensure obfuscation; making detection to access difficult.
The war in Ukraine has also escalated cyberattacks globally as power systems, telecommunication systems, media and other critical infrastructures became targets for both physical attacks and cyberattacks. Though, cloud migration aided in quick real-time detection and disruption of these attacks.
Interestingly, Machine Learning (ML) aided behavioural detections have successfully prevented attacks without prior knowledge of underlying malware before being identified.
Nation-State TAs especially China, North Korea, Iran and Russia have expanded their operations in dynamic ways to gain access points to several organizations exploiting trusted relationships in the enterprise supply chain.
Nation-state actors are utilizing commodity malware and open-source offensive tools to exploit poorly configured or unpatched enterprise systems (VPN/VPS infrastructure, on-premises servers, and third-party software) to perform living-off-the-land
Using tools like RiskIQ to get external information on your attack surface and enabling MFA, patching, anti-tamper features and other security baselines are measures to defend against sophisticated TAs.
Nations state actors like Iran and North Korea have used commodity ransom malware to conduct attacks damaging targeted systems-critical infrastructures within regional rivals. Also, Nation-state actors will continue to evolve their attack TTPs as cyber mercenaries develop and sell sophisticated tools to attack third-party solutions and organizations.
Devices and Infrastructure
Recent past years and the COVID-19 pandemic have seen industries embrace digitalization to survive. The wide adoption of internet-facing devices has caused an unprecedented increase in digital attack surfaces.
Although organizations have strengthened their defense system, TAs have continually leveraged the adoption and migration of on-premises services to the cloud in conducting attacks affecting both traditional IT equipment to Operational technology (OT) controllers or IoT sensors. TAs are exploiting these devices to gain access to networks and disrupt OT operations.
Nation-state actors and other cyber criminals have understood the importance of critical infrastructures to organizations and the vulnerabilities of IoT and OT being a big challenge as they cannot be disabled, resulting in attacks – Colonial pipeline.
Good News! Policymakers and network defenders are accelerating the development of laws and regulations to build trust in the cyber security of critical infrastructures and devices.
Microsoft is partnering with governments around the world to improve cybersecurity operations and reduce security challenges.
For organizations to reach an enhanced security posture, they have to incorporate three holistic approaches – one approach is to implement continuous monitoring of IoT and OT devices, two is to “shift-left” i.e demand and implement security best practices, the third is to implement the security monitoring solution for both IT and OT networks.
Cyber Influence Operations
Foreign influence has leveraged social media to conduct a wide range of information operations and propaganda campaigns.
Foreign influence TTPs are evolving as they use advanced technologies such as deep fakes to weaponize and undermine the credibility of journalists. Researchers are working tirelessly to curtail these actions using AI systems that can spot fakes.
Nation states have to deploy propaganda campaigns to interfere in state elections and pose threats to democracy.
Microsoft in its support of a healthy information ecosystem and curb nation-state propaganda has acquired Miburo Solutions and partnered with other stakeholders to take down actors who seek to undermine democratic processes and institutions.
RaaS has enabled TAs to utilize affiliate networks to conduct attacks, thereby lowering the barrier to entry for less skilled cyber criminals and ultimately expanding the attack force. Though, Microsoft has designed a ransomware elimination program to remediate gaps in controls and coverage.
Supply chain and third-party suppliers are advised to move to the cloud which has more robust security as TAs are attacking on-premises systems disrupting customers, partners and governments.
Lastly, it is imperative to build cyber-resilience security measures to contain and protect from unending and ever-evolving cyber threats.