Microsoft Digital Defense Report 2023
Executive Summary
October 2023
Microsoft Threat Intelligence

Securing our future together

Contents
Chapter 1: Introduction
Chapter 3: Nation State Threats
Chapter 6: Collective Defense
Introduction from Tom Burt

“As the digital domain faces new and more threatening challenges, defenders are being driven to innovate and collaborate more closely than ever.”

As the digital domain faces new and more threatening challenges, defenders are being driven to innovate and collaborate more closely than ever. For example, Russia’s use of cyberweapons as part of its hybrid war against Ukraine sparked sustained collaboration between Microsoft and Ukrainian officials to successfully defend against most of these cyberweapons.

Russia is not alone in its use of destructive malware; we have also seen increased use of cyberweapons by Iran to pressure the Albanian government and in its ongoing conflict with Israel. At the same time, nation states are becoming increasingly sophisticated and aggressive in their cyber espionage efforts, led by highly capable Chinese actors focused on the Asia Pacific region in particular.

One recent example of the troubling increase in aggression and capability involves a Chinese actor, which Microsoft calls Volt Typhoon. It used inventive tradecraft to infiltrate and pre‑position malware in the networks of a range of communications companies and other critical infrastructure organizations in Guam and the United States, deploying “living off the land” techniques to evade detection.

Nation‑state actors were not alone in stepping up their abuse of the digital ecosystem. Well‑resourced cybercriminal syndicates also continue to grow and evolve, leveraging the cybercrime-as-a-service ecosystem we highlighted last year. Ransomware‑as‑a-service and phishing-as-a-service are key threats to businesses, and cybercriminals have conducted business email compromise and other cybercrimes, largely undeterred by the increasing commitment of global law enforcement resources.

Many vendors are taking steps to improve the cybersecurity of their products and services, developing new tools to help customers better defend against attackers. Governments across the globe are providing the public with more information about cyber threats and how to counter them, like the effective alerts from the US Cybersecurity and Infrastructure Security Agency’s (CISA) Shields Up campaign. Governments are also imposing new legal and regulatory requirements for cybersecurity. While many of these are beneficial, they can impose counterproductive conditions—such as requiring overly rapid reporting of cybersecurity incidents or establishing inconsistent or conflicting requirements across agencies or geographies. Close collaboration between the public and private sectors to formulate, enforce, and harmonize these requirements is crucial to improve global cybersecurity and foster innovation.

As we are seeing, Artificial Intelligence (AI) technologies are set to become a major focus of regulators and industry. We will undoubtedly see attackers using AI as a tool to refine phishing messages, develop malware and enable other abuses of technology. But AI will also be a critical component of successful defense. For example, in Ukraine we saw the first successful use of AI technology to help defend against Russian cyberattacks. In the coming years, innovation in AI‑powered cyber defense will help reverse the tide of cyberattacks.

Advancing the promise of digital peace requires public‑private collaboration to ensure we are bringing to bear the best technological and regulatory tools to combat cyber aggression. We need more and deeper alliances in the private sector and stronger partnerships between the private and public sectors. Enabling this collaboration can be challenging but, when successful, it drives meaningful impact. We must accelerate the move of critical computing workloads to the cloud, where vendors’ security innovations will be most impactful, and ensure AI innovation provides defenders with the durable technological advantage over attackers that it promises.

Tom Burt
Corporate Vice President, Customer Security & Trust
Sharing

As part of our longstanding commitment to create a safer world, Microsoft’s investments in security research, innovation, and the global security community include:

– … per second, synthesized using sophisticated data analytics and AI algorithms to understand and protect against digital threats and criminal cyberactivity.
– 10,000+ engineers, researchers, data scientists, cybersecurity experts, threat hunters, geopolitical analysts, investigators, and frontline responders across the globe.
– 15,000+ partners with specialized solutions in our security ecosystem, who increase cyber resilience for our customers.
– 300+ threat actors.
– 100,000+ …

Cybersecurity is a defining challenge of our time. Organizations of every size across every industry around the globe feel the urgency and pressure of protecting and defending against increasingly sophisticated attacks.

While AI is transforming cybersecurity, using it to stay ahead of threats requires massive amounts of diverse data. Here at Microsoft, our more than 10,000 security experts analyze over 65 trillion signals each day with the help of AI, and Microsoft
Protect against 99% of attacks

While we explore the many dimensions of the cyber threat landscape, there is one crucial point we must emphasize across them all: the vast majority of successful cyberattacks could be thwarted by implementing a few fundamental security hygiene practices. By adhering to these minimum-security standards, it is possible to protect against over 99 percent of attacks:

1 Enable multifactor authentication (MFA): This protects against compromised user passwords and helps to provide extra resilience for identities.

2 Apply Zero Trust principles: The cornerstone of any resilience plan is to limit the impact of an attack on an organization. These principles are:
– Explicitly verify. Ensure users and devices are in a good state before allowing access to resources.
– Use least privilege access. Allow only the privilege that is needed for access to a resource and no more.
– Assume breach. Systems may be compromised; this means constantly monitoring the environment for possible attack.

3 Use extended detection and response (XDR) and antimalware: Implement software to detect and automatically block attacks and provide insights to the security operations software. Monitoring insights from threat detection systems is essential to being able to respond to threats in a timely fashion.

4 Keep up to date: Unpatched and out-of-date systems are a key reason many organizations fall victim to an attack. Ensure all systems are kept up to date, including firmware, the operating system, and applications.

5 Protect data: Knowing your important data, where it is located, and whether the right defenses are implemented is crucial to implementing the appropriate protection.

Hyperscale cloud makes it easier to implement fundamental security practices by either enabling them by default or abstracting the need for customers to implement them. With software‑as‑a‑service (SaaS) and platform‑as‑a‑service (PaaS) solutions, the cloud provider takes responsibility for keeping up with patch management. With hyperscale cloud, these capabilities are already built into the platform. Additionally, cloud‑enabled capabilities like XDR and MFA are constantly updated with trillions of daily signals, providing dynamic protection that adjusts to the current threat landscape.

How effective is MFA at deterring cyberattacks? A recent study based on real‑world attack data from Microsoft Entra found that MFA reduces the risk of compromise by 99.2 percent. [1]

Fundamentals of cyber hygiene: Enable multifactor authentication (MFA); Apply Zero Trust principles; Use extended detection and response (XDR) and antimalware; Keep up to date; Protect data. Basic security hygiene still protects against 99% of attacks. Outlier attacks on the bell curve make up just 1%.
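The Zero Trust principles above (explicitly verify, least privilege, assume breach), together with the "keep up to date" and antimalware fundamentals, can be expressed as a single access decision. The following is an added example written for this page, not code from the Microsoft report: a small policy evaluator that checks MFA and device health before any permission is consulted, grants only the permissions a role was given, and logs every decision so the environment can be monitored. The user names, roles, resource names, patch-age threshold and sample requests are all constructed for illustration.

```python
"""Added example (not from the Microsoft Digital Defense Report): a minimal
Zero Trust access decision. All names, roles and sample data are constructed."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Device:
    os_patch_date: date      # date the last OS patch was applied
    antimalware_on: bool     # endpoint protection running


@dataclass(frozen=True)
class Request:
    user: str
    mfa_satisfied: bool      # did this session complete MFA?
    device: Device
    role: str
    action: str              # e.g. "read", "write"
    resource: str


# Least privilege: each role lists exactly the (action, resource) pairs it needs.
ROLE_PERMISSIONS = {
    "analyst": {("read", "payroll-db")},
    "payroll-admin": {("read", "payroll-db"), ("write", "payroll-db")},
}
MAX_PATCH_AGE_DAYS = 30      # constructed "keep up to date" threshold

# Assume breach: every decision, allowed or denied, is recorded for monitoring.
decision_log = []


def _record(req, allowed, reason):
    decision_log.append({"user": req.user, "action": req.action,
                         "resource": req.resource, "allowed": allowed,
                         "reason": reason})
    return allowed, reason


def evaluate(req, today):
    """Return (allowed, reason). Explicit verification of the user and device
    runs first; only a verified request reaches the least-privilege check."""
    if not req.mfa_satisfied:
        return _record(req, False, "mfa-required")
    if (today - req.device.os_patch_date).days > MAX_PATCH_AGE_DAYS:
        return _record(req, False, "device-out-of-date")
    if not req.device.antimalware_on:
        return _record(req, False, "antimalware-disabled")
    allowed = (req.action, req.resource) in ROLE_PERMISSIONS.get(req.role, set())
    return _record(req, allowed, "permitted" if allowed else "not-in-role")


# Constructed sample data: a healthy device, a stale one, and four requests.
SAMPLE_DATE = date(2023, 10, 15)
HEALTHY = Device(os_patch_date=date(2023, 10, 1), antimalware_on=True)
STALE = Device(os_patch_date=date(2023, 6, 1), antimalware_on=True)
SAMPLE_REQUESTS = [
    Request("alice", True, HEALTHY, "analyst", "read", "payroll-db"),
    Request("alice", True, HEALTHY, "analyst", "write", "payroll-db"),
    Request("bob", False, HEALTHY, "payroll-admin", "write", "payroll-db"),
    Request("bob", True, STALE, "payroll-admin", "write", "payroll-db"),
]


def run_samples():
    """Evaluate the constructed requests; returns a list of (user, allowed, reason)."""
    return [(r.user,) + evaluate(r, SAMPLE_DATE) for r in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for user, allowed, reason in run_samples():
        print(f"{user:6} {'ALLOW' if allowed else 'DENY':5} {reason}")
```

The order of the checks is the design point: a missing MFA factor or an unpatched device denies the request before the role is even consulted, so a compromised password on its own never reaches data, and the analyst's write attempt is refused because the role was never granted that permission. Because denials are logged with a reason, the log doubles as the monitoring feed that the "assume breach" principle calls for.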
Nation State Threats

Key developments

Nation-state and state-affiliated threat actor activities pivoted away from high volume destructive attacks in favor of espionage campaigns. After last year’s flurry of high-profile cyberattacks, nation-state cyber actors this year pivoted away from high-volume destructive attacks and instead directed the bulk of their activity toward cyber espionage.

Russian state-sponsored threat actors used diverse means to access devices and networks in NATO member states.

Chinese cyber threat groups carried out sophisticated worldwide intelligence collection campaigns. At the same time, China’s cyber influence campaigns continue to operate at an unmatched scale.
Innovating for Security and Resilience

Key developments

With modern AI advancements analyzing trillions of security signals daily, we have the potential to build a safer, more resilient online ecosystem. Against an ever more complex cyber ecosystem, AI offers the potential to change the security landscape by augmenting the skill, speed, and knowledge of defenders.

Our approach for the next year will focus on bringing to bear AI in combating threats while also embracing the three SDL principles of Secure by Design, Secure by Default, and Secure in Deployment (SD3).

Since Microsoft has the largest and most diverse set of products in the industry, we are continuously seeking out and eliminating vulnerabilities before threat actors can exploit them. One way that we are confronting cybercrime is by leveraging AI and large language models (LLMs). LLMs can automate and augment many aspects of cybersecurity, including: threat intelligence; incident response and recovery; monitoring and detection; testing and validation; education; and security governance, risk, and compliance.

LLMs have the potential to transform cyber defense for next‑gen cybersecurity. Microsoft’s researchers and applied scientists are exploring many scenarios for LLM application in cyber defense.

Many modern apps will become LLM‑based in time. This will increase the threat surface, making them vulnerable to both inadvertent and deliberate misalignments. As LLM-based apps bring new and unique threats, we adapt our security measures and protocols to address them.
Collective Defense

Key developments

The fragmented cybersecurity landscape means we are not making the most of the vast amount of threat intelligence and data that is available. The new Cybercrime Atlas will maximize global data collection while ensuring intelligence is thoroughly cleansed, enriched, and vetted by experts from diverse industries.

By forging strong partnerships that transcend borders, industries, and the public‑private divide, we are creating a united front against cybercrime. As cyberthreats evolve, productive relationships across a spectrum of stakeholders will be essential to improve threat intelligence, drive resilience, and contribute to mitigation guidance.

Fewer than 15% of NGOs have cybersecurity experts on their staff. The CyberPeace Institute is providing critical support and assistance to humanitarian organizations.

A ground-breaking lawsuit aimed at ending the illicit use of Cobalt Strike shows the power of uniting efforts to identify and take down criminal infrastructure.

75% of eligible citizens in democratic nations have the opportunity to vote in the next year and a half. We must ensure that strong cyber defenses keep elections safe.