Microsoft Defense Report: Artificial Intelligence Creates New Threats, But Also New Defenses

Microsoft presented data from the new Microsoft Digital Defense report, an analysis of trends from July 2022 to June 2023 to illustrate the evolution of digital threats.

Below are the main elements of the Defense Report 2023.

State espionage

The past year has seen a rise in global attacks affecting up to 120 countries, fueled by government-sponsored espionage and influence operations. Nearly half of these attacks were directed against NATO member states, and more than 40 percent were carried out against government or private organizations involved in building and maintaining critical infrastructure. In Europe, the most attacked countries were Ukraine (33%), UK (11%), France and Poland (5%), Italy (4%) and Germany (3%).

While in the recent past the most commonly used attacks were aimed at destruction or financial gain through ransomware, data shows that today the predominant motivation is to steal information, covertly monitor communications or manipulate what people read, demonstrating the convergence of influence operations with cyber attacks . In fact, national state actors are increasingly resorting to influence operations and cyber operations to spread propaganda ideas in order to be able to manipulate national and global public opinion and undermine the democratic institutions of opposing countries, especially in the context of armed conflicts and national elections. Among the most active players on this front are Russia, China, Iran and North Korea.

Artificial intelligence creates new threats, but also new security opportunities.

Attackers are already weaponizing AI to refine phishing messages and improve influence operations using synthetic images. At the same time, AI will also be key to effective defense through its ability to automate and accelerate aspects of cybersecurity such as threat detection, response, analysis and prediction. Generative AI models require the development of cybersecurity practices and threat models to address new challenges, such as creating realistic content, including text, images, video and audio, that can be used by attackers to spread disinformation or create malicious code.

Ransomware attacks are becoming more complex and faster

Data analyzed by Microsoft shows that since September 2022, organizations have seen a 200% increase in human-powered ransomware attacks. These attacks target the entire organization with individual ransom demands. Attackers are also evolving their attacks to minimize their impact, with 60% using remote encryption. Criminals using ransomware also threaten to release stolen information to pressure victims into extorting money.

Password and multi-factor authentication attacks are on the rise

While implementing MFA (multi-factor authentication) is one of the simplest and most effective defenses organizations can put in place against attacks, reducing the risk of compromise by 99.2%, cybercriminals are increasingly exploiting “MFA fatigue” to bombard users with MFA notifications. in hopes that they will accept and provide their own logins. Over the past year, Microsoft has seen around 6,000 tedious MFA attempts per day. Additionally, the first quarter of 2023 saw a sharp tenfold increase in password-based attacks on cloud identities, especially in the education sector, from approximately 3 billion per month to over 30 billion; on average 4000 password attacks per second.