Unpacking the Microsoft Digital Defense Report 2023

Microsoft’s comprehensive global report, subtitled ‘Building and improving cyber resilience’, which was released on 5th October, warns of the growing threat posed by cybercriminals of all kinds – nation-state actors, financially motivated criminals and the emerging subset of cyber mercenaries.

Covering the 12 months from July 2022 to June 2023, it outlines the main trends and developments that Microsoft observes worldwide, including the evolving tactics and techniques used by threat actors to infiltrate systems, and steal and encrypt data. However, despite the increase in frequency and sophistication of cyber-attacks, the report claims that “basic security hygiene still protects against 99% of attacks”.

The Microsoft Digital Defense Report takes a deep-dive into several key subjects, with dedicated chapters on The State of Cybercrime, Nation State Threats, Critical Cybersecurity Challenges, Innovating for Security and Resilience, and Collective Defense.

A common thread that runs through the report is Microsoft’s emphasis on collaboration and partnerships that “transcend borders, industries, and the public-private divide” that are now critical to build a “united front against cybercrime”. The final chapter is entirely focused on the power of collaboration, explaining how new global initiatives like the Cybercrime Atlas have been created to collectively unite against threat actors and how the major technology vendors are joining forces to invest in the security of open-source software.

While the majority of the paper summarises what’s been observed in the recent past, in the chapter devoted to innovation it looks to the near future. This section outlines how breakthroughs in artificial intelligence (AI) technology and large language models (LLMs) – including the upcoming Microsoft Security Copilot – will finally equip cyber defenders to compete on a level playing field with cyber attackers, who until now have always had the upper hand in an ever-more complex cyber ecosystem.

“While human ingenuity and expertise will always be a precious and irreplaceable component of cyber defence, technology has the potential to augment these unique capabilities with the skill sets, processing speeds, and rapid learning of modern AI,” states the report.

In a fast-paced landscape, the paper explains how cybercriminals’ behaviour has changed since mid-2022. They are now:

• Leveraging the cybercrime-as-a-service ecosystem to launch phishing, identity, and distributed denial-of-service (DDoS) attacks at scale
• Increasingly bypassing multi-factor authentication and other security measures
• Better at concealing their tracks by using living-off-the land techniques and remote encryption
• Exploiting cloud computing resources like virtual machines to launch DDoS attacks
• Shifting to human-operate ransomware attacks, which have risen by 200% since September 2022.

Microsoft’s annual report on the state of global cyber security provides an unparalleled analysis of the most dangerous threats facing all organisations today and an in-depth guide to how cybercriminals’ behaviours have changed in the past 15 months, says Federico Charosky, founder and CEO of Quorum Cyber. The paper details the current nation-state cyber operations that explain many of the activities analysts and researchers around the world see today. It’s a rallying cry for private and public sector organisations, governments and academia to unite and share intelligence and resources to protect the entire digital economy.

“Microsoft has a unique view of the global threat landscape and this highly anticipated report shares a wealth of valuable insights and data to help us continue to protect our customers and collaborate effectively with our growing group of partners,” says Paul Vasquez, Vice President of Alliances and Partnerships at Quorum Cyber.