
Microsoft recently made an alarming disclosure: it detected more than 600 million identity attacks across its 2024 fiscal year.
In its Digital Defense Report 2024, Microsoft noted that the rise of identity-based cyberattacks has coincided with the increasing number of organizations that are migrating to the cloud. Furthermore, a report from Microsoft Entra revealed that 7,000 password attacks were blocked per second in the past year alone.
And while more organizations are using multi-factor authentication (MFA), which has long been touted as an effective deterrent against cyberattacks, some cybercriminals have become craftier and are able to bypass MFA through attacks on infrastructure and methods like adversary-in-the-middle (AiTM) attacks.
Even so, more than 99% of identity attacks are still password attacks, which include brute force attacks using stolen passwords and phishing attacks that have become more complex and brutal thanks to the deployment of new social engineering campaigns.
On the other hand, though there has been a 2.75x increase in attempted ransomware attacks over the period, incidents of successful ransomware attacks fell by 3x.
Attacks becoming more complex
Alarming as the numbers are, the growing complexity of online threat actors is also cause for great concern.
Cyberattacks tracked by Microsoft increasingly included hybrid warfare alongside conventional attacks. This included attacks on operational technology (OT) and data compromise on government targets. Not to mention the rise of threat actors sponsored by rogue states such as North Korea and Russia, whose attacks are being carried out in collaboration with cybercriminals, making it harder to determine the motivation for specific attacks.
Attack victims identified
The Microsoft report found that while the IT sector accounted for nearly a quarter of all victims (24%), education and research came a close second at 21%. The report’s authors explained that educational institutions can be valuable sources of intelligence, though they are largely used as “testing grounds” for new attack methods.
The exception to this rule was Russian groups, which directed 33% of all attacks across the period against government targets and 15% against think tanks as their activity continued to closely follow the war in Ukraine.
Is AI security the answer?
Igor Tsyganskiy, CISO at Microsoft, shared in the report that threat group Midnight Blizzard’s attack on Microsoft in May 2024 spurred the company to improve its agility in responding to any future attacks by state-sponsored threat actors.
“To protect Microsoft, our partners, and customers from future attacks, we dramatically grew our teams dedicated to monitoring of and responding to threats,” wrote Tsyganskiy. In addition, he created an Office of the CISO, containing multiple deputy CISOs who each work with select departments and product groups within Microsoft.
More interestingly, he shared that Microsoft has invested heavily in AI for security in the past few years. The efforts ranged from the use of generative AI tools like its own Copilot for Security to the development of internal security models designed to protect the firm itself. Researchers also suggested that small language models like Phi-3 could be used to sift through corporate data and flag suspicious activity.
The report also noted AI’s potential to identify so-called ‘hands-on-keyboard’ attacks, in which hackers manually infiltrate enterprise systems using compromised identities to camouflage malicious activity. It added that AI could also be used to produce security reports more quickly, converge data from multiple third-party sources to assist cyber researchers, or organize unstructured data from previous cybersecurity incidents to help inform new decision-making.
Final thoughts
The Microsoft report underscores the ongoing and worsening threat posed by identity attacks and other cyberthreats that leave many organizations vulnerable. It is more critical than ever for security leaders to strengthen their cyber defenses constantly and utilize the latest and most efficient technologies to combat these threat actors.