October 1, 2020 | technology | No Comments
If it wasn’t clear that cybersecurity is the new frontier in our evermore-connected world, a recent report from Microsoft, entitled the “Digital Defense Report,” details how rapidly escalating security threats are growing in sophistication and pervasiveness from nation state actors in China, Iran, North Korea, South Korea and Russia. Specifically, ransomware attacks enabled by widespread phishing campaigns that steal credentials are on the rise, along with a myriad of other high profile targets and the IoT.
“This report makes it clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets. For example, nation-state actors are engaging in new reconnaissance techniques that increase their chances of compromising high-value targets, criminal groups targeting businesses have moved their infrastructure to the cloud to hide among legitimate services, and attackers have developed new ways to scour the internet for systems vulnerable to ransomware,” notes Microsoft Corporate Vice President, Customer Security And Trust, Tom Burt. This particular observation Microsoft’s Digital Defense Report makes is both troubling and obvious at the same time. Cybercriminals hiding the vast resources of cloud infrastructure are the new normal. Malicious bots powered by mainstream cloud resources have random IPs that aren’t easy to trace back to nefarious individuals and organizations.
Meanwhile, botnets fueled by compromised IoT devices with weak credentials harness hundreds of thousands of machine resources to wage DDoS attacks at a very large scale. In fact, in the first 6 months of 2020, there was 35% increase in IoT attack volume, versus the same period in 2019. To say that things are getting a bit out of hand would be an understatement but companies like Microsoft are scaling their resources and level of sophistication as well, to both detect and thwart criminal threats with machine learning and AI on the internet, in the cloud and in the IoT. Microsoft notes, “since 2010, our Digital Crimes Unit has collaborated with law enforcement and other partners on 22 malware disruptions, resulting in over 500 million devices rescued from cybercriminals.”
While these strides in prevention and recovery are encouraging, it’s important to remember that the rise in attacks these days are increasingly targeting human security threat vectors with weak passwords, password guessing or phishing techniques and malware. Microsoft’s report underscores the need for Multifactor Authentication (MFA) or authentication systems that require multiple steps and devices to complete the authentication process. Unfortunately, while more secure, MFA is typically less convenient for the average user looking to just get logged on to the service they want. As such, it will be critical for software solutions provides to continue to innovate solutions in MFA that are convenient, quick and secure.
Meanwhile, if you’ve been using the same password across a number of services, sites and platforms, change it up early and often and setup MFA. Microsoft may have your back (to the best of their ability) but as a good doctor once said, an ounce of prevention is worth a pound of cure. You can read Microsoft’s full report, here.