Which cyberattacks are on the rise? What are the cybercriminals' goals? This report shows the latest threats and provides tips for your cybersecurity.
The Microsoft Digital Defense Report paints an accurate picture of the threat landscape for your cybersecurity: who and what was the focus of cybercriminals last year? What are the latest methods of attack? Who are the most dangerous players for cybersecurity? How can you address these challenges and minimize your cybersecurity risks?
Microsoft analyzes more than 24 trillion security signals received via applications and systems in the cloud every day. From this, a comprehensive picture of the current cybercrime situation can be created, and developments and trends for cybersecurity can be derived. The comprehensive cybersecurity report focuses on the areas that have emerged as most critical when looking at the threat landscape. Mittelstand Heute has summarized it:
Crucially, organizations need to understand how cybercriminals are evolving their attack methods and that cybersecurity measures need to keep up with them.
1. Cybersecurity: the status of cybercrime
Cybercrime is a growing threat to businesses, organizations, and nations. The motivation of attackers varies. State actors – hackers backed by governments – want to capture important information, while cybercriminals are primarily after money.
Attacks on critical infrastructure are on the rise
A prominent example was the cyberattack on Colonial Pipeline, which caused gasoline supply shortages in the U.S. A ransom payment of $4.4 million was due. Microsoft's Detection and Rapid Response Team (DART) looked at which industries were hit hardest by ransomware incidents: retail led the way with 13 percent, financial services and manufacturing each with 12 percent, government with 11 percent and healthcare with 9 percent.
In a country comparison, the U.S. was hit the hardest, with three times as many ransomware attacks as China in second place, followed by Japan, Germany and the United Arab Emirates.
What lies behind the cybercrime as a service model
Cybercrime is a lucrative business. According to a report by Heise Online, ransomware generated $590 million in the first half of 2021 in the U.S. alone. In parallel, new business models such as cybercrime as a service are emerging. Cybercriminals sell their tools and services on the darknet, so a potential attacker no longer needs to have any special technical knowledge to launch their attacks.
These three developments can be seen in cybercrime as a service:
- Reduce costs, increase reach: Attack tools are also increasingly using standardized components to meet high demand. This, combined with increasing automation, results in reduced costs and increased reach.
- Access data in high demand: Compromised access data is increasingly offered on the darknet, allowing attackers to access user accounts and put toolkits in place. Such login information costs approximately $1 to $50, depending on the value of the haul.
- Control in the darknet: Escrow services for cryptocurrencies mediate between buyers and sellers. They have a controlling function and ensure that attack tools and credentials work as ordered. Particularly sophisticated kits can do even more: they pass on the victims' data not only to the buyers, but also covertly to the groups that created the kits.
In Microsoft's latest Cyber Signals Report, January 2022, cybersecurity analysis clearly indicates that the criminal underground economy is increasingly characterized by the "cybercrime as a service" approach. Attacks have the clear goal of maximizing profits. Attackers can be hired for $250 per job, for example, and ransomware kits cost $66 when paid upfront, or up to 30 percent of profit.
Cybersecurity from experts: Need support?
Business IT service provider All for One makes companies fit against cyberattacks and data loss and helps meet compliance requirements for your cybersecurity. Experts can help you holistically protect mission-critical data and information!
Here's what the Human-Operated Ransomware trend means
Ransomware is a customized attack method that destroys or encrypts data, making it impossible for the company to access business-critical data. Attacks of this nature continue to pose an enormous threat to cybersecurity. This is also due to the fact that malware is constantly being developed further. However, Microsoft's cybersecurity experts also observe that the number of automated attacks that rely on volume and low demands is decreasing.
A new trend is growing in their place: while conventional ransomware attacks typically spread widely like a virus, human-operated ransomware takes a much more targeted approach. Human-operated ransomware is the result of an active attack by cybercriminals. The attacker infiltrates both the on-premises environments and the cloud infrastructure of organizations, obtains the necessary permissions and deploys ransomware only to critical data. The attacker can thus use everything learned about system and cybersecurity vulnerabilities to target victims and demand high ransoms.
This attack methodology even allows for analysis of the victim's financial and insurance records, as well as investigation of compromised networks for the attacker's own purposes. In addition, there is usually the theft of login credentials and massive distribution across the board. For business processes in companies, this can be disastrous, because such individually controlled ransomware is very difficult to contain and eliminate, unlike commodity ransomware.
2. Cybersecurity: cyber attacks on organizations & Co.
Espionage is most often the goal of states' activities. Actors turn their focus to obtaining classified information of other countries. Hackers hired by governments use the same tools, just with a different goal: information gathering instead of data theft. 21 percent of the attacks Microsoft observed from state actors targeted consumers, while 31 percent targeted non-governmental organizations such as Doctors Without Borders or Bread for the World and think tanks. Government agencies were affected at 48 percent.
The perception in Germany on this topic was recently investigated by the digital association Bitkom. The result: three-quarters of people here are afraid of escalation in the digital space.
3. Cybersecurity of supply chains, Internet of Things (IoT) and operational technology (OT)
The Internet of Things (IoT), operational technology (OT), i.e., industrial information technology in operating environments, and supply chains, which have already been battered by the pandemic anyway, are increasingly becoming the focus of cybercriminals. To fend off attacks, security must not be viewed in isolation, but in a holistic cybersecurity approach.
With multiple layers of defense, such as multifactor authentication, the level of cybersecurity can be increased. This is why devices play a special role. They are a classic vulnerability. Microsoft found that the default password "admin" was used on 20 million endpoints over a 45-day period.
With these seven characteristics, Microsoft considers an endpoint to be particularly secure:
- The end device has a unique, non-falsifiable identity that cannot be separated from the hardware.
- The device remains protected even if a security mechanism has been breached.
- The endpoint's security key is protected from gaps in other software on the device.
- A flaw in a software component of the endpoint is isolated by the hardware.
- The endpoint device authenticates itself with certificates or other components that are marked as trusted on the hardware.
- The end device reports when new threats could not be correctly identified and defended against during its use.
- The software is automatically updated.
4. Cybersecurity in a hybrid working world
Whether in the home office or across the organization, cybersecurity hygiene is a must for organizations to provide less attack surface for ransomware or distributed denial of service (DDoS). The following measures for your cybersecurity should be top priority:
- the application of patches,
- regular software updates, and
- the establishment of vulnerability management.
Multi-factor authentication and credential verification take cybersecurity to a higher level. Data governance stands for holistic data management: defined policies and procedures ensure compliance with legal requirements and data protection. Basic cybersecurity hygiene protects against 98 percent of attacks like phishing, which is responsible for 70 percent of all data breaches.
Endpoints are therefore an essential part of a zero-trust architecture in a hybrid, mobile working world. Microsoft described this cybersecurity architecture in its position paper "Evolving Zero Trust" like this: A holistic zero trust approach spans the entire digital environment including identities, endpoints, network, data, applications and infrastructure. The architecture requires integrating all elements.
As we last detailed here, this cybersecurity model starts by trusting nothing and no one, i.e., no device, user, or service. Instead, the principle of "trust is good, control is better" applies to all requirements and resources, whether inside or outside the corporate network perimeter.
Cybersecurity: Five tips against attacks
New technologies such as AI, 5G and increasing connectivity are becoming integral parts of society, politics and businesses. This also increases the number of entry points for attacks. Cybercriminals, state actors and nation-state groups have sufficient information and resources to carry out complex attacks. As these become more sophisticated, they are gaining significant clout. Cyber attackers are automating their attack methods to execute mass attacks at high speed.
For cybersecurity to keep pace, companies should always keep threat and risk management in mind alongside new business opportunities. That means:
- Ensure basic security hygiene
- Take a holistic view of risks – move away from silo thinking
- Leave attack vectors no security loopholes
- Consider the human factor as an attack vector
- Introduce the Zero Trust model
5. Cybersecurity: impact of disinformation
Disinformation and fake news are being created and disseminated ever faster and more extensively. Companies are now being targeted with campaigns just as politicians have been in the past. The targeted spread of false news and disinformation attacks does a lot of economic damage and impacts the availability and integrity of data and systems.
Artificial intelligence creates media content (photos, video and audio) that looks authentic but is actually fake. The intention behind this is fraud, manipulation and discrediting. The use of machine learning, specifically deep learning, can automate the creation of fakes. The criminal cyber scene has thus expanded its portfolio to take advantage of another domain.