- Microsoft’s Digital Defense Report reveals the latest cybersecurity trends
- Hackers and defenders are turning to AI to increase productivity
- Nation-state hackers are launching even more attacks
With great power comes great responsibility, but in the case of artificial intelligence, Uncle Ben’s words don’t ring true.
Hackers are increasingly integrating AI into their attack patterns and using it to craft convincing phishing emails to steal login credentials.
After all, why struggle with cyber defenses that an organization has spent tens of thousands of dollars on when you can simply steal the keys and walk through the door. But there is hope…
Panning for digital gold
Microsoft’s sixth Digital Defense Report (DDR), released today, has found that over 80% of attacks investigated by Microsoft’s security team were in pursuit of data. Hackers make big money by gaining access to systems, stealing and then encrypting or deleting data and then ransoming the data back to the victim.
While the hackers may be financially motivated, the attacks have real-world consequences. Recent trends have shown that attackers are targeting critical healthcare services and government systems, especially those that rely on outdated hardware or lack the means to establish proper defenses.
After being hit by ransomware, hospitals and care facilities are more likely to pay to restore access to systems or otherwise face operational delays and even patient deaths. People remain the weakest link in cyber security, with credentials being stolen to bypass security systems and gain access to the heart of organizations.
Fortunately, there is a simple tool that can defend against 99% of identity-based attacks. Multi-factor authentication prevents attackers from logging into accounts even if they have the correct credentials by requiring verification that the login attempt is from the legitimate account owner.
Authentication apps are particularly effective against info-stealing malware. Even if it is successfully deployed in an organization and harvests credentials, the data it collects is effectively useless if the attackers can’t also authenticate themselves.
AI on the way
Attackers and defenders are increasingly turning to AI to crack and patch cyber defenses. Instead of sending emails manually, attackers use AI to create persuasive copy in multiple languages and then send it out en masse.
AI also enables hackers to build malware that can mutate, giving it effective camouflage against security software. In fact, the use of artificial intelligence in the cyber world has increased almost in sequence with the release of powerful new models.
Defenders also leverage AI tools to spot phishing attacks, new malware, training and potential threats – so there’s a balance.
Hackers aren’t all just regular Joes taking a bet to ransom data for a quick payday—sophisticated nation-state actors are launching multiple campaigns for intelligence gathering, disruption, and financial gain.
For example, China has launched several high-profile campaigns over the past year, with the most prolific attacks being against major US telecommunications carriers. Iran is targeting Western maritime trade organizations, potentially signaling attacks on commercial shipping in the Middle East.
Microsoft also noted a significant expansion of Russian groups targeting organizations dedicated to supporting Ukraine, especially small businesses without the budget to pay for powerful protection packages.
North Korean groups continue to seek funding for the hermit kingdom, with attackers successfully seeking jobs at targeted companies, stealing sensitive information to further technological development at home, and deploying ransomware when discovered as a way to bring extra funds home.
And the future?
In 2025 GDR, Microsoft encourages governments as well as private organizations to increase intelligence sharing and training. Microsoft also believes that greater security controls can help deter organizations that might pay a ransom. After all, if you remove the incentive to deploy ransomware, hackers will (theoretically) stop deploying ransomware.
Microsoft also says that combating the rapidly evolving security environment is a societal challenge, as the economic, governmental and social systems we rely on are at serious risk. Deterrence is the goal, with governments encouraging nation-state attacks and applying sanctions, which have real consequences for hostile nations.
