5 Essential Insights From the 'Microsoft Digital Defense Report 2023'

Since 2005, Microsoft has released annual security intelligence reports, now known as the "Microsoft Digital Defense Report," as a way to track evolving cybersecurity trends and illuminate today's biggest threats. This year's report identified significant developments, some of which may sound familiar — such as the pressing need for more cyber defenders — and others that are newer.

The report is based on insights synthesized from 65 trillion daily signals by more than 10,000 security and threat intelligence experts across 135 million managed devices and over 15,000 security partners. This data is also used to inform our security recommendations and mitigation strategies for customers year-round.

As we analyze this threat intelligence and look for more effective ways to counter adversaries at the speed of attack, artificial intelligence (AI) will be critical in tipping the scales back in favor of cyber defenders — enabling them to detect and respond to threats in near real time, upskilling them with alert prioritization and guidance, and bridging critical infrastructure gaps. However, for AI to be effective, security teams must have all the insights and resources necessary to realize the full promise of this technology.

Following are five key learnings from the "Microsoft Digital Defense Report 2023."

Human-Operated Ransomware Attacks Are Increasing

Human-operated ransomware attacks have increased by more than 200% since September 2022, and we expect this trend to continue as ransomware operators leverage automation, AI, and hyperscale cloud systems to scale and maximize the effectiveness of their attacks.

Of the 123 ransomware-as-a-service (RaaS) affiliates that Microsoft tracks, 60% of their attacks used remote encryption and 70% were directed against organizations with fewer than 500 employees. If organizations are to protect their identity, data, and endpoints against ransomware, there should implement a few foundational principles.

All users should be relying on modern authentication with phish-resistant credentials rather than passwords, which are much easier to compromise. We also recommend applying least-privilege access across the entire technology stack and taking steps to create a threat- and risk-free environment. Security posture management will be critical — both for compliance and the health of devices, services, and assets — and automatic cloud backup and file-syncing should be implemented for user and business-critical data.

Password-Based Attacks Increased Dramatically

Password attacks increased tenfold between April 2022 and April 2023, according to Microsoft Entra data. This rise is likely due to porous security, as many organizations have not enabled multifactor authentication for their users. This critical security gap leaves them vulnerable to phishing, credential stuffing, and brute-force attacks. One strategy for countering this trend is to use non-phishable credentials.

Business Email Compromise (BEC) Is at an All-Time High

Similarly, BEC attacks are at an all-time high, with an average of 156,000 BEC attempts made every day from April 2022 to April 2023. Increased intelligence sharing between the public and private sectors is one way to enable faster, more impactful BEC response. As part of this effort, the Microsoft Digital Crimes Unit is actively tracking and monitoring 14 commercial sites that sell distributed denial-of-service (DDoS) offerings, including one situated in the Dark Web.

Nation-State Threats Are Expanding in Scope and Scale

Nation-state groups have increased the global scope of their cyber operations, targeting critical infrastructure, education, and policymaking organizations for geopolitical and espionage-focused reasons. Organizations can better detect possible espionage-related breaches by monitoring changes to mailboxes and permissions.

We're also seeing more frequent use of combined influence and cyber operations to spread favored propaganda narratives, stoke social tensions, and amplify doubt and confusion. These operations are often carried out amid armed conflicts and national elections. Although AI-generated profile pictures are a long-standing nation-state tactic, we believe groups will begin using more sophisticated AI tools to create multimedia content moving forward.

AI, LLMs Are Crucial Enablers of Cybersecurity

AI will be critical for enhancing and augmenting the work of cyber defenders by automating repetitive tasks and identifying hidden patterns and behaviors. Large language models (LLMs) also have a role to play, contributing to threat intelligence, incident response and recovery, monitoring and detection, testing and validation, education, and security governance, risk, and compliance.

However, guardrails are needed. We as a community must secure a future of responsible AI by design to maintain user trust, protect privacy, and create long-term benefits for society. Microsoft's AI Red Team of interdisciplinary experts is helping build this future of safer AI. Our AI Red Team emulates the tactics, techniques, and procedures (TTPs) of real-world adversaries to identify risks, uncover blind spots, validate assumptions, and improve the overall security posture of AI systems.

In conclusion, the "Microsoft Digital Defense Report 2023" paints a vivid picture of the evolving cybersecurity landscape and how basic security hygiene protects against 99% of attacks. As businesses navigate these complex risks and changing threats, the insights from the report outline a path forward for upleveling the whole of cyber defense. The collaboration between technology, public and private sector cooperation, and advanced AI-driven defenses will be key to ensuring a secure and resilient future for all.

— Read more Partner Perspectives from Microsoft Security