The war in Ukraine began on 24 February 2022. “On that day, hours before missiles were launched and tanks rolled across borders, Russian actors launched a massive destructive cyberattack against Ukrainian government, technology, and financial sector targets,” says Tom Burt, corporate vice president of customer security and trust at Microsoft, in the Microsoft Digital Defense Report 2022.
During the first four months of the war, Microsoft observed multiple destructive cyberattacks against nearly 50 Ukrainian agencies and enterprises. Methods included spear phishing with malicious attachments or links, exploitation of the IT services supply chain to impact downstream customers, exploitation of public-facing applications to gain initial access to networks, and the use of administrative accounts for network discovery and lateral movement.
The ferocity of these attacks is a stark reminder to all, in Ukraine and beyond, of the need for enterprises and public sector organisations to protect themselves with basic cyber hygiene and the employment of endpoint detection and response tools. “I believe Microsoft has a responsibility to protect the digital systems that underpin the social fabric of our society,” says Burt.
A threat to democracy
“Democracy needs trustworthy information to flourish,” says Teresa Hutson, vice president of technology and corporate responsibility at Microsoft. She highlights the influence operations being developed and perpetuated by nation states as a key area of focus for Microsoft: “These campaigns erode trust, increase polarisation, and threaten democratic processes.”
Microsoft has been developing tools and threat detection capabilities to combat the evolving and expanding risk of nation state-driven influence operations. “To enable this work, we recently acquired Miburo Solutions, we partner with third-party validators such as the Global Disinformation Index and NewsGuard, and we participate – and at times lead – multistakeholder partnerships, including the Coalition for Content Provenance and Authenticity,” says Hutson. “Only by working together can we succeed in taking on those who seek to undermine democratic processes and institutions.”
Simple but effective
Businesses must be aware of the ‘cat and mouse’ nature of modern cybercrime. When criminals make their attacks, their victims respond accordingly, perhaps putting extra measures in place to prevent similar situations in future. But the attackers come back bigger and better, with new ways to get around their victims’ defences.
“Attackers are adapting and finding new ways to implement their techniques, increasing the complexity of how and where they host campaign operation infrastructure,” says Burt. “At the same time, cybercriminals are becoming more frugal.”
The Microsoft Digital Defense Report 2022 highlights that, to lower their overheads and boost the appearance of legitimacy, attackers are compromising business networks and devices to host phishing campaigns, malware, and mine cryptocurrency.
Some of the most common and aggressive attacks come in the form of ransomware and extortion. The report warns that ransomware attacks pose an increased danger to all individuals as critical infrastructure, businesses of all sizes, and state and local governments are targeted by criminals leveraging a growing cybercriminal ecosystem.
“Attackers will innovate – our response in the defender community needs to be thoughtful and strategic,” says Alex Weinert, vice president of identity security at Microsoft, in a recent blog post. “But we don’t need to panic. We can take as an example ransomware attacks. These are scary and grab headlines because of crippling work stoppages or huge ransoms. But... if you read all the attention-grabbing headlines, you’ll find that most novel techniques rely on compromising identity first. This shows the importance of getting our identity basics right and keeping our eyes on the ball.”
Starting simple is key, for example by regularly reviewing and strengthening access controls. “We must fight this threat together through both public and private partnerships,” says Amy Hogan Burney, general manager of Microsoft’s digital crimes unit, in the report. “We hope that by sharing what we have learned over the past 10 years, we will help others understand and consider the proactive measures they can take to protect themselves and the wider ecosystem against the continually growing threat of cybercrime.”
A security ecosystem
The Microsoft Intelligence Security Association (MISA), established in 2018, encourages collaboration and provides its members – independent software vendors and managed security service providers – with a new way to grow and benefit from each other. These members – which include Akamai Technologies, archTIS, Armorblox, Check Point Software Technologies, CyberProof, Entrust, Kroll, Obrela Security Industries, Ontinue, ReliaQuest, Synack and VMRay – have integrated their solutions with Microsoft security technology to help organisations defend themselves against increasingly complex cyber threats.
“MISA is an association of what we call our most strategic Microsoft Security partners,” says Maria Thomson, MISA lead, on an episode of the Microsoft Security Insights Show. “It’s about working with these partners who are building and integrating solutions and services with our security technology to help make the world a safer place for all of our customers.”
The increased attack surface
Change in the cybersecurity landscape has happened alongside drastic digital changes in recent times, though the two have not necessarily intersected to enable organisations to keep up. Remote working accelerated by the Covid-19 pandemic and rapid adoption of internet-facing devices that have facilitated digital transformation have increased the attack surface of the digital world.
“Threat actors are exploiting these devices to establish access on networks and enable lateral movement or disrupt the organisation’s operational technology (OT),” says Michal Braverman Blumenstyk, chief technology officer of Microsoft Security, in the Microsoft Digital Defense Report 2022. “However, there is hope on the horizon. Policymakers and network defenders are acting to improve the cybersecurity of critical infrastructure, including the internet of things (IoT) and OT devices they rely on. Policymakers are accelerating the development of laws and regulations to build public trust in the cybersecurity of critical infrastructure and devices.
“Microsoft is partnering with governments around the world to seize this opportunity to enhance cybersecurity and we welcome additional engagement.”
Braverman-Blumenstyk recommends three key ways for organisations to improve their IoT and OT security posture. First, implement continuous monitoring of IoT and OT devices. Second, demand and implement better cybersecurity practices for the IoT and OT devices themselves. Third, implement a security monitoring solution which spans both IT and OT networks. “This holistic approach has the significant added benefit of contributing to critical organisational processes, such as ‘breaking the silos’ between OT and IT, which in turn enables the organisation to reach an enhanced security posture while meeting business objectives,” she says.
Realising cyber resilience
In the face of these complex security threats, organisations must implement the right technologies, processes and safeguards to ensure their cyber resilience.
“Digital threat activity and the level of cyberattack sophistication increases every day,” says Bret Arsenault, chief information security officer at Microsoft. “We have observed identity phishing attacks are a clear and present threat. However, these types of attacks are generally unsuccessful with good identity management, phishing control, and endpoint management practices.”
Arsenault reiterates Weinert’s point that there are simple solutions, especially since 98 per cent of attacks can be stopped with basic hygiene measures in place. “At Microsoft, we manage identities and devices as part of our zero-trust approach, which includes least privileged access and phishing-resistant credentials to effectively stop threat actors and keep our data protected,” he said.
Microsoft Sentinel and Microsoft Defender are just two of the many offerings that Microsoft can deliver in this space. In October 2022, the firm launched Defender for IoT solution for Microsoft Sentinel, which provides a security operations centre experience for IT and OT environments. It allows users to identify security issues in OT before they attract any threat actors, and detect threat activity that uses OT to enter or cause damage and disruption to operations.
Artificial intelligence is also becoming increasingly crucial to the conversation. “As we watch the progress of AI accelerate quickly, Microsoft is committed to investing in tools, research, and industry cooperation as we work to build safe, sustainable, responsible AI for all,” writes Vasu Jakkal, corporate vice president of Microsoft security, compliance, identity and privacy, on LinkedIn. “By working together, we can help build a safer digital world and unlock the potential of AI.”
Microsoft Counterfeit is one example of this. The automation tool helps organisations conduct AI security risk assessments to ensure that the algorithms used in their businesses are robust, reliable and trustworthy.
“We live in an era where security is a key enabler of technological success,” says Arsenault. “Innovation and enhanced productivity can only be achieved by introducing security measures that make organisations as resilient as possible against modern attacks. As digital threats increase and evolve, it’s crucial to build cyber resilience into the fabric of every organisation.”
Partner perspectives
We asked a range of Microsoft partners about their views on the cybersecurity landscape and their work to prevent digital intrusion and protect customers:
“The growing cyber threat environment requires companies to take steps to increase cyber resilience,” says Lauren Van Wazer, global vice president of public policy and regulatory affairs at Akamai.
“The growth of the internet of things (IoT), industrial control systems and operational technology combined with digital transformation is impacting private and public sectors,” says Joe Partlow, chief technology officer at ReliaQuest.
“Global digital transformation exposes new software vulnerabilities by the hour, highlighting the need for continuous offensive security testing,” says Jay Kaplan, CEO of Synack.
“The increasing popularity of Microsoft Office 365 makes it a lucrative focus for cybercriminals, with email-enabled attacks being responsible for some of the largest and most damaging security breaches,” says Oliver Paterson, product director at VIPRE Security Group.
“Cybercriminals are constantly adapting their behaviour to increase the complexity of their operations, and bad threat actors are launching increasingly sophisticated attacks,” said Carsten Williems, CEO of VMRay.
Read more from these partners as well as archTIS, Armorblox, Check Point Software Technologies, CyberProof, Entrust, Fortra’s Terranova Security, Kroll, Obrela Security Industries and Ontinue in the Spring 2023 issue of Technology Record.