Ten Things Learned from Microsoft’s Digital Defense Report

This week saw the launch of a new report from Microsoft detailing cybersecurity trends from the past year.

The Digital Defense Report is intended to show how threat actors have “rapidly increased in sophistication” over the course of the last 12 months, “using techniques that make them harder to spot and that threaten even the savviest targets.”

Infosecurity took a close look at the highlights of the full report, and below are the top 10 things we learned.

  1. Microsoft observed 16 different nation state actors either targeting customers involved in the global COVID-19 response efforts or using the crisis in themed lures to expand their credential theft and malware delivery tactics
  2. Almost all (90%) of Microsoft’s nation state notifications in the past year have been to organizations that do not operate critical infrastructure, including non-governmental organizations (NGOs), advocacy groups, human rights organizations and think tanks focused on public policy, international affairs or security
  3. Of six trillion scanned emails, Microsoft blocked over 13 billion malicious and suspicious emails in 2019, over one billion of which contained phishing URLs
  4. Ransomware was the most common reason behind incident response engagements from October 2019 through July 2020, and in some instances cyber-criminals went from initial entry to ransoming the entire network in under 45 minutes
  5. The most common attack techniques used by nation state actors in the past year are reconnaissance, credential harvesting, malware and virtual private network exploits
  6. The first half of 2020 saw an approximate 35% increase in total attack volume against IoT devices, compared to the second half of 2019
  7. Microsoft is among the most spoofed brands in phishing emails, along with UPS, Amazon, Apple and Zoom
  8. Microsoft has introduced a strategy of four functions to deal with business email compromise attacks: disrupt by analyzing and mapping cyber-criminal technical infrastructure; deter by identifying, investigating and developing cases for law enforcement; strengthen by sharing evidence and insights across Microsoft teams; and communicate by sharing findings internally and externally
  9. Between late March and the beginning of July of this year, 13,971 potentially malicious COVID-19-themed domains and 23,123 URLs were reported to authorities to be taken down
  10. Almost 5% of the open source packages used at Microsoft had at least one reported security vulnerability
