On February 23, 2022, the world of cyber security entered a new era, hybrid warfare, when Russia launched both physical and digital attacks against Ukraine. It is in this context that Microsoft unveils the 2022 edition of the Digital Defense Report.
Based on data from around the world spanning from June 2021 to June 2022, this report highlights the current state of cyber crime, the rise in state-to-state cyber attacks, threat trends such as cyber influence operations. The Digital Defense Report is also an opportunity to make recommendations on how to improve cyber resilience and strengthen digital defence.
With 8,500 cybersecurity experts and an ecosystem of 15,000 specialist partners, Microsoft has a unique perspective on the threat landscape in the cyber world. In fact, more than 43 trillion security signals are analyzed every day by our tools and teams. This insight into the scale and scope of the threat landscape enables action to be taken participate in the settlement of cybercrime – to date, Microsoft has removed more than 10,000 domains used by cybercriminals and 600 used by state actors – and in react to possible vulnerabilities – 93% of ransomware incidents we responded to revealed inadequate controls over privileged access and lateral movement.
Among the lessons learned from the 2022 edition of the Microsoft Digital Defense Report, we can note:
As cyber defenses improve, attackers adapt their techniques.
Human-powered ransomware is the most common attack. One-third of targets are successfully compromised based on this technique, and 5% of them yield to the ransom. Page 7.
Over the past year, the number of password attacks has increased by 74% to 921 attacks every second. Page 2.
The deployment of cyber weapons in Ukraine’s hybrid war marks the beginning of a new era of conflict.
90% of Russian attacks detected in the past year targeted customers in NATO member countries. Page 37.
The sectors most affected by state attacks relate to ESNs (22%), think tanks and NGOs (17%), educational institutions (14%) and governments (10%). Page 35.
With the acceleration of digital transformation, the security of digital infrastructures is more important than ever.
Attacks against remote control devices – particularly used to control a fleet of IoT tools such as printers, webcams, air conditioning or building access control – are on the rise, with more than 100 million attacks recorded in May 2022 – a fivefold increase compared to last year. Page 62.
Microsoft is seeing a steady year-over-year increase in phishing emails. Since March 2022, the war in Ukraine has become a new bait for conducting phishing campaigns. Page 22.
Influencer operations are using new methods and technologies, making their trust-eroding campaigns more effective.
Cyber influence operations are increasingly being used by some states to shape opinion, discredit their opponents, promote discord and distort reality. Page 71.
Cyber influence operations are often built in 3 steps: prepositioning so that counterfeits are available on the Internet before the operation, the actual launch, and finally the reinforcement. Page 74.
Understanding the risks and benefits of digital transformation will be critical to better resilience.
Good digital usage practices remain the best defense for more security, while the cloud offers the best physical and logical security against cyber attacks. Page 86.
52% of companies use little or no endpoint detection and response (EDR) solution. Page 90.
” The billions of signals we analyze from our global ecosystem of products and services reveal the ferocity, scale and scope of digital threats across the globe. In light of the seriousness of the current cyber threat, it is important to remember that we are all entitled to take measures to protect ourselves, our organizations and our businesses from digital risks. At Microsoft, we believe it is our responsibility to protect digital systems and promote secure computing environments for everyone, everywhere.”
– Tom Burt, Vice President, Customer Security & Trust, Microsoft Corporation
Retrouvez ici l’ensemble des données et enseignements du Digital Defense Report 2022 de Microsoft.