[ad_1]
Editor’s Note: From time to time, ComplexDiscovery highlights publicly available or privately purchasable announcements, content updates, and research from cyber, data, and legal discovery providers, research organizations, and ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.
To submit recommendations for consideration and inclusion in ComplexDiscovery’s cyber, data, and legal discovery-centric service, product, or research announcements, contact us today.
Background Note: According to Microsoft, the goal of the Microsoft Digital Defense Report, now in its third year, is to illuminate the evolving digital threat landscape across four key areas of focus: cybercrime, nation-state threats, devices & infrastructure, and cyber influence operations while providing insight and guidance on how to improve cyber resiliency. The 2022 update of this important report was published in early November and highlights the fact that on February 23, 2022, the cybersecurity world entered a new age, the age of the hybrid war. With an insightful introduction by Microsoft Corporate Vice President, Customer Security & Trust, Tom Burt, that speaks to this new cybersecurity world, the report may be beneficial for cybersecurity, information governance, and legal discovery professionals as they seek to keep up-to-date on areas ranging from cybercrime and Cybercrime-as-a-Service (CaaS) to new nation-state tactics and the rise of cyber mercenaries.
Microsoft Security Report*
Microsoft Digital Defense Report 2022
Illuminating the threat landscape and empowering digital defense.
Report Introduction Extract (Tom Burt, Corporate Vice President, Customer Security & Trust, Microsoft)
The state of cybercrime
Cybercriminals continue to act as sophisticated profit enterprises. Attackers are adapting and finding new ways to implement their techniques, increasing the complexity of how and where they host campaign operation infrastructure. At the same time, cybercriminals are becoming more frugal. To lower their overhead and boost the appearance of legitimacy, attackers are compromising business networks and devices to host phishing campaigns, malware, or even use their computing power to mine cryptocurrency.
Nation-state threats
Nation-state actors are launching increasingly sophisticated cyberattacks designed to evade detection and further their strategic priorities. The advent of cyberweapon deployment in the hybrid war in Ukraine is the dawn of a new age of conflict. Russia has also supported its war with information influence operations, using propaganda to impact opinions in Russia, Ukraine, and globally. Outside Ukraine, nation-state actors have increased activity and have begun using advancements in automation, cloud infrastructure, and remote access technologies to attack a wider set of targets. Corporate IT supply chains that enable access to ultimate targets were frequently attacked. Cybersecurity hygiene became even more critical as actors rapidly exploited unpatched vulnerabilities, used both sophisticated and brute force techniques to steal credentials, and obfuscated their operations by using open-source or legitimate software. In addition, Iran joins Russia in the use of destructive cyberweapons, including ransomware, as a staple of their attacks. These developments require urgent adoption of a consistent, global framework that prioritizes human rights and protects people from reckless state behavior online. All nations must work together to implement norms and rules for responsible state conduct.
Devices and infrastructure
The pandemic, coupled with rapid adoption of internet-facing devices of all kinds as a component of accelerating digital transformation, has greatly increased the attack surface of our digital world. As a result, cybercriminals and nation-states are quickly taking advantage. While the security of IT hardware and software has strengthened in recent years, the security of IoT and OT devices security has not kept pace. Threat actors are exploiting these devices to establish access on networks and enable lateral movement, to establish a foothold in a supply chain, or to disrupt the target organization’s OT operations.
Cyber influence operations
Nation states are increasingly using sophisticated influence operations to distribute propaganda and impact public opinion both domestically and internationally. These campaigns erode trust, increase polarization, and threaten democratic processes. Skilled Advanced Persistent Manipulator actors are using traditional media together with internet and social media to vastly increase the scope, scale, and efficiency of their campaigns, and the outsized impact they are having in the global information ecosystem. In the past year, we have seen these operations used as part of Russia’s hybrid war in Ukraine, but have also seen Russia and other nations, including China and Iran, increasingly deploy propaganda operations powered by social media to extend their global influence on a range of issues.
Cyber resilience
Security is a key enabler of technological success. Innovation and enhanced productivity can only be achieved by introducing security measures that make organizations as resilient as possible against modern attacks. The pandemic has challenged us at Microsoft to pivot our security practices and technologies to protect our employees wherever they work. This past year, threat actors continued to take advantage of vulnerabilities exposed during the pandemic and the shift to a hybrid work environment. Since then, our principal challenge has been managing the prevalence and complexity of various attack methods and increased nation-state activity.
Read the complete report announcement.
Complete Report: Microsoft Digital Defense Report 2022 (PDF) – Mouseover to Scroll
Microsoft Digital Defense Report 2022
Additional Reading
Source: ComplexDiscovery
The post An Authoritarian Challenge of Cyber Aggression? The Microsoft Digital Defense Report 2022 appeared first on ComplexDiscovery.
[ad_2]
Source link
