Microsoft Releases Digital Defense Report 2024, Unveiling the Changing Cyber Threat Landscape and the Role of AI

 |   Indonesia News Center

Cover page of Microsoft Digital Defense Report 2024

Jakarta, 31 October 2024 – Microsoft recently releases Digital Defense Report 2024, an annual report that unveils the latest developments in the global cybersecurity landscape. This report highlighted three significant changes in threat and cyber attack characteristics in various countries, including those related to ransomware, fraud, as well as identity and social engineering. With those changes, Microsoft underlines several cybersecurity practices that need to be adopted, including how to strengthen cybersecurity in the new era of artificial intelligence (AI).

Panji Wasmana, National Technology Officer Microsoft Indonesia, said, “Cybersecurity is a team sport where everyone, not just the IT team, plays an essential role. As part of this teamwork, every individual should understand and implement robust cybersecurity practices. For example, by implementing Zero Trust principles, such as always verifying explicitly, granting data/device access only to those who truly need it, and always assuming there’s a breach.  Additionally, we can use passkeys, a method of authentication that employs private digital keys protected by biometric data (such as facial recognition and fingerprints) or a PIN, which is more secure than a password.”

Navigating Cyber Threats: Essential Actions for Protection

To strengthen overall cybersecurity, it’s important to understand the various types of common cyber threats. Here is an overview of the cyber threat landscape to watch out for, along with actionable insights for each threat,  as summarized from the Microsoft Digital Defense Report 2024*:

  1. Ransomware: A severe and increasingly common threat, often occurring due to access granted to unmanaged devices. Ransomware is a type of malicious software, or malware, that threatens to destroy or block access to critical data or systems until a ransom is paid. The latest trends reveal a rise in human-operated ransomware, where cybercriminals actively infiltrate an organization’s technology and information infrastructure to deploy ransomware, with incidents increasing by 2,75x year over year. In over 90% of cases where the attack reaches the ransom stage, attackers use an unmanaged device in the organization’s network to gain initial access or remotely encrypt organizational assets. The most common initial access techniques include social engineering, such as phishing via email, SMS, and voice. The report shows that ransomware attacks that reach the encryption stage have tripled in the last two years, partly due to advancements in automatic attack disruption capabilities. However, individuals and organizations must remain vigilant as attackers continue to innovate with new cyberattack models.

Tips: Monitor the devices each individual uses within the organization or eliminate access to unmanaged devices in the organization’s network.

  1. Phishing Using QR Code: A Rapidly Increasing Cyberfraud. Incident related to digital fraud continues to increase globally, both in terms of number and sophistication. Some are financial fraud like investment scams, impersonation such as using an official organization name but changing the letter “O” into the number “0”, or phishing. This cyberattack aims to steal or damage sensitive data by tricking people into revealing their private information. According to TrendMicro, phishing attacks increase to 58% by 2023, with financial damages estimated to be up to USD3,5 billion in 2024. In addition, phishing is now practiced through QR codes. Threat actors will send a phishing message containing a QR code, ask the recipient to scan that code, and redirect them to a fake page that can absorb identity or private and confidential data. From October 2023 to March 2024, image detection technology in Microsoft Defender for Office 365 prevented QR code phishing attacks, causing phishing emails using this technique to drop 94%.

Tips: a) Use a trusted QR code generator when making a QR code, b) Check for suspicious elements in the QR code, such as misspellings or wrong logos, c) Do not download a separate QR code scanner application because mobile phones already have this technology, d) Always verify the URL opened by the QR code, e) Use antivirus software and family safety apps to detect malware as an initial defense against phishing and viruses.

  1. Identity Attack and Social Engineering: A Real Threat for Private Information. Similar to previous years, password-based attacks are still the most common attacks that occur. Data from Microsoft Entra shows there are more than 600 million identity attacks every day, with 99% among them attacking user passwords. On the other hand, Microsoft has blocked 7,000 password-based attacks every second in the last year. Cybercriminals constantly update their attacks, such as AiTM Phishing Attack (Adversary-in-the-Middle), a phishing attack technique in which attackers place themselves among the user and a legitimate authentication service. The goal is to access the user accounts without entering a password or bypassing any authentication multifactor (MFA) that may be enabled.

Tips: Replace passwords with passwordless authentication methods such as passkeys. Unlike passwords that use vulnerable confidential information or recognizable personal information, passkeys use a private key securely stored on the user’s device. This key only works on the website or app where the user created it and can only be accessed if the same user unlocks it with their biometrics or PIN.

AI And Its Impact on Cyber Threat

In the midst of AI transformation, individuals are faced with promising advancements, as well as daunting challenges such as advanced AI-powered targeting. Knowing the early signs of cyber threats is an advantage, and collaboration between the government and industry players is key to cyber defense in the AI era.

Early insights found that AI is reshaping the cybersecurity landscape, equipping cyber defenders with powerful tools to detect and counter evolving threats with increasing precision. At a time when cybersecurity is understaffed**, AI can reduce the workload, speeding up the identification and handling of a breach—which, without AI, can take an average of 277 days.

Some critical areas of AI utilization in cybersecurity operations include:

  • Sorting requests and tickets: Using a large language model (LLM) to decide how to respond to requests and tickets based on how they were handled previously. The use of LLM in this scenario saved about 20 hours per person per week for one of Microsoft’s internal response teams.
  • Strengthening risk assessment: Leveraging unstructured organizational knowledge and historical precedents to enrich the factors that determine risk.
  • Learning from previous experience: Using LLM to process data related to previous incidents, breaches, and events to discover valuable learnings that help organizations gain a comprehensive view of things that have previously happened.

Collaboration to Secure the Cyber World TogetherInfographic Secure Future Initiative

Strengthening our cybersecurity requires a secure ecosystem and digital governance to protect every data recorded in the vast network. To support robust digital security, Microsoft on November 2023 introduced the Secure Future Initiative (SFI) to advance cybersecurity for Microsoft, its customers, and the industry.

Since the initiative was launched, Microsoft has appointed 13 Deputy Chief Information Security Officers (Deputy CISO) responsible for spearheading the SFI across the company, mobilizing 34,000 engineers to integrate security into their work structures (making it the largest cybersecurity effort in history), launched the Security Skilling Academy to help train all employees about cybersecurity, and implemented security as a performance measure for all employees.

Here are the principles of SFI Microsoft that can be used as a reference:

  1. Security by design. Ensuring that security is the main element in designing every product and service developed. For example, by adding security features since the product ideation and service.
  2. Secure by default. Ensuring that every main security feature is activated automatically to reduce users’ risk. In other words, creating digital ecosystems resilient to cyberattacks.
  3. Secure operations. Ensuring continuous security monitoring and renewal to keep cyberattacks at bay, for example, by checking threats and vulnerabilities regularly.

###

* The data in this report covers the period from July 2023 to June 2024. Data sources are from various Microsoft services such as Microsoft Defender for Endpoint, Microsoft Defender for Cloud Apps, Microsoft Defender for Identity, Microsoft Defender for Office 365, and Microsoft Entra ID (formerly Azure AD). Microsoft analyzes approximately 78 trillion security signals per day using advanced data analytics and AI algorithms. The report is also supported by more than 15,000 partners with specialized expertise in cybersecurity.

** According to The International Information Systems Security Certification Consortium (ISC2), every year the gap in the number of cybersecurity workers (required vs. available) increases by 12.6%.