Key insights into Microsoft’s new Digital Defense Report

Published: 8th December 2022 | In: Insights

The 114-page paper covers the five main themes of The State of Cybercrime, Nation State Threats, Devices and Infrastructure, Cyber Influence Operations and Cyber Resilience.

Investing more than $1 billion per year into cyber security, Microsoft shares its latest insights to make organisations fully aware of the scale and seriousness of the situation, and empower them to improve their cyber resilience. The very nature of cybercrime means it’s continuously changing – and often unpredictably. Our partner currently tracks 35 ransomware families and over 250 unique nation-states, cybercriminals and other threat actors. They outline important trends which are increasing risks for every business, government department and charity around the globe today, such as the rise of Ransomware-as-a-Service (RaaS) and double extortion tactics, human-operated ransomware attacks and the emergence of Cybercrime-as-a-Service.

Confusing picture of cybercrime

The report explains how the lines that have, until now, separated financially motivated criminal groups from nation states are becoming blurred. In an effort to hide from threat hunters, there’s evidence that both groups are trying to adopt the tactics of the other to confuse incident investigators, cover their tracks and, when evidence of a breach is found, to lay the blame elsewhere.

A dedicated section titled Nation State Threats underlines the sophistication of cyber-attacks originating in China, Russia, Iran and North Korea, conducted to achieve their specific strategic aims. This may involve stealing valuable data and intellectual property or obtaining information to use in influence operations. “The sophistication and agility of attacks by nation state actors will continue to evolve each year,” Microsoft says. “Organisations must respond by being informed of these actor changes and evolve defences in parallel.”

Cyber security hygiene and weakest links

Among the most popular tactics, techniques and procedures (TTPs) used today are business email compromise (BEC) and homoglyph deception, whereby letters are swapped for replacement ones to create fake website URLs or email addresses. This means that employers need to keep training their workforces in cyber security awareness in addition to taking proactive steps such as conducting vulnerability management and applying offensive security to protect their assets before criminals can breach them.

Cybercriminals have always sought to breach poorly configured and unpatched systems, but as an increasing number of organisations finally improve their basic cyber security hygiene practices, criminals are shifting their focus to other areas. That includes supply chains – and, increasingly, corporate IT supply chains – to reach their prime targets indirectly. They are also focusing on Operational Technology (OT) and the Internet of Things (IoT), which are often less well protected than other parts of the IT estate. In extreme cases, audacious threat actors are using corporate infrastructure to host and launch their own phishing campaigns and even attempt crypto-mining.

Quorum Cyber’s thoughts

“Microsoft’s latest report emphasises the sophistication, complexity and ever-evolving nature of the cyber threats we protect organisations from every single day,” says Federico Charosky, Quorum Cyber Founder & CEO. “Today, more than one-third of the targets of human-operated ransomware are successfully compromised and, of those, 5% are ransomed. These statistics might seem worrying, but they clearly show the need for organisations in all sectors to put in place comprehensive, end-to-end cyber security solutions, like our Microsoft-verified Managed XDR service, to significantly minimise their exposure to risks around the clock.”

“Facing so many different kinds of known and unforeseen cyber threats, it might seem best for businesses to buy the latest security tools from multiple vendors to defend themselves in every scenario, but this has proven to be an ineffective and expensive strategy,” explains Scott Abney, Quorum Cyber Chief Revenue Officer (CRO). “With an unrivalled 1,000 years of combined Microsoft and cyber security experience, our 200-strong team of experts delivers the most innovative cyber security services in our industry. We’ve proven that by consolidating to a single vendor, companies achieve greater cyber resilience across their entire IT estate, continuously reduce business risk and lower the total cost of ownership.”

“The report shows that the timeframe from a vulnerability being identified to being exploited by threat actors is getting shorter and shorter, and, once a device is compromised, the median time for anyone who breaches your corporate network to start moving around is just 1 hour 42 minutes,” adds James Allman-Talbot, Quorum Cyber Head of Incident Response and Threat Intelligence. “While adopting good cyber hygiene practices and zero trust principles are now essential for every organisation, it’s really important for them to build a robust incident response strategy so that they are prepared for the worst and, if breached, can recover safely and quickly get their business back up and running.”