News

Microsoft's 'Digital Defense Report' Highlights Russian Attacks and Ransomware Gangs

• By Kurt Mackie
• 10/08/2021

Microsoft on Thursday announced the release of its annual "Digital Defense Report," which catalogs nation-state and criminal attacks, as well as some countermeasures to take.

This year's report, at 134 pages, is quite detailed, with sections on cybercrime, nation-state threats, supply-chain attacks and Internet of Things attacks. The report includes security suggestions for organizations with remote workforces. It has a section describing the use of social media to spread disinformation, as well.

Microsoft has a lot of its operations devoted to cybersecurity, with $20 billion announced recently, and its "Digital Defense Report" reads like something that the U.S. FBI or NSA might issue. Microsoft currently monitors "over 24 trillion daily security signals," blocking 32 billion e-mail threats, 31 billion identity threats and 9 billion endpoint threats.

This report apparently is the second of its type. Microsoft had released a "Digital Defense Report" last year, which seems to have evolved from its earlier "Security Intelligence Report" (SIR) format. The Security Intelligence Reports had a greater focus on malware families than is found in the sprawling "Digital Defense Report," which is more of a report on digital crimes generally.

Nation-State Attacks
This new report has extensive sections on the evolution of ransomware into ransomware-as-a-service gangs. It also lists nation-state attackers, with Russia topping the list.

Russia's heavy involvement was emphasized in the announcement by Tom Burt, Microsoft's corporate vice president for customer security and trust, who stated that "58% of all cyberattacks observed by Microsoft from nation-states have come from Russia." Russia's top targets are the "United States, Ukraine and the UK," Burt indicated, and mostly for intelligence gathering. Other top nation-state attackers listed in the report were "North Korea, Iran and China."

On the nation-state front, tools to target software in the development stage, like what occurred with the "supply-chain" compromise of Solar Winds' Orion IT software, will become more common, the report predicted.

"Microsoft expects tools designed to target and compromise IT supply chains to enter the mainstream and become more common, making concepts like Zero Trust architecture a priority from software development through deployment and updating," the report stated.

Ransomware Attacks
The ransomware section of the report is extensive, and even reproduces chat sessions with perpetrators.

The United States is overwhelmingly targeted with ransomware. Top ransomware targets include consumer and retail organizations (13 percent), insurance and financial organizations (12 percent), manufacturing and agriculture (12 percent), government and IGOs (11 percent), health care (9 percent) and education (7 percent), among others.

"Despite continued promises from ransomware actors not to attack hospitals or healthcare companies during a pandemic, healthcare remains in the top-five sectors victimized by human-operated ransomware," the report stated.

Actionable Insights
The report has an "Actionable Insights" section at the end with some practical advice for organizations. Organizations should take the following actions:

• Enable multifactor authentication, which thwarts phished credentials.
• Use least-privileged access for accounts, including just-in-time access.
• Keep software updated and correctly configured.
• Use anti-malware solutions, particularly cloud-connected ones.
• Use data loss prevention solutions to protect data.

Those sorts of practices would protect against "98% of attacks," the report contended.

Burt noted that less than one-fourth of Microsoft's customers are using multifactor authentication (MFA), even though Microsoft provides it for free.

Fewer than 20% of our customers are using strong authentication features like multifactor authentication, or MFA. We offer this for free, and organizations can turn it on by default for their users. In fact, if organizations just applied MFA, used anti-malware and kept their systems updated, they would be protected from over 99% of the attacks we see today. 

The report reads like a crime and espionage novel and has plenty of insights for organizations trying to come to grips with things like ransomware, phishing and business e-mail compromise types of attacks.

In addition to Burt's Thursday announcement, there's an overview of Microsoft's current and forthcoming activities on the cybersecurity front by Vasu Jakkal, corporate vice president for security, compliance and identity, in this Oct. 4 Microsoft announcement.