- Microsoft Digital Defense Report Reveals Latest Cybersecurity Trends
- Hackers and Defenders Turn to AI to Increase Productivity
- Nation-state hackers launch even more attacks
With great power comes great responsibility, but in the case of artificial intelligence, Uncle Ben’s words don’t hit the mark.
Hackers are increasingly integrating AI into their attack schemes, using it to create convincing phishing emails to steal login credentials.
After all, why fight cyber defenses that an organization has spent tens of thousands of dollars on when you can just steal the keys and walk out the door. But there is hope…
Searching for digital gold
Microsoft’s sixth Digital Defense Report (DDR), released today, reveals that more than 80 percent of attacks investigated by Microsoft security teams were aimed at data mining. Hackers make a lot of money by gaining access to systems, stealing then encrypting or deleting data, then returning the data to the victim.
Although hackers may be motivated by financial reasons, the attacks have very real consequences. Recent trends have shown that attackers are turning their attention to critical healthcare and government systems, particularly those that rely on outdated hardware or lack the funds to mount an adequate defense.
After being hit by ransomware, hospitals and healthcare facilities are more likely to pay to restore access to systems or risk operational delays or even patient deaths. Humans remain the weakest link in cybersecurity, with credentials stolen to bypass security systems and gain access to the heart of organizations.
Fortunately, there is a simple tool that can defend against 99% of identity-based attacks. Multi-factor authentication prevents attackers from logging into accounts even if they have the correct credentials by requiring verification that the login attempt came from the legitimate account owner.
Authenticator apps are particularly effective against information-stealing malware. Even if it is successfully deployed within an organization and harvests credentials, the data it collects is effectively useless if attackers cannot also authenticate.
AI on the rise
Attackers and defenders are increasingly turning to AI to hack and repair cyber defenses. Rather than sending emails manually, attackers use AI to create convincing texts in multiple languages and then send them in bulk.
AI also allows hackers to create malware that can mutate, providing effective camouflage against security software. In fact, the use of AI in the cyber world has increased almost in parallel with the release of powerful new models.
Defenders also take advantage of AI tools to detect phishing attacks, new malware, training and potential threats. So there is a balance.
Hackers aren’t just ordinary people betting on ransoming data for a quick payday: sophisticated state actors are launching more campaigns for intelligence collection, disruption, and financial gain.
For example, China has launched numerous high-profile campaigns over the past year, with the most prolific attack targeting major U.S. telecommunications providers. Iran targets Western maritime trade organizations, potentially signaling attacks on commercial shipping in the Middle East.
Microsoft also noted a significant expansion of Russian groups targeting organizations dedicated to supporting Ukraine, particularly small businesses that do not have the budget to afford powerful protection suites.
North Korean groups continue to seek funding for the hermit kingdom, with attackers successfully applying for jobs at targeted companies, stealing sensitive information to continue technological development at home, and deploying ransomware when discovered as a way to repatriate additional funds back to their country.
And the future?
In DDR 2025, Microsoft calls on governments as well as private organizations to increase intelligence sharing and training. Microsoft also believes that better security governance could help deter organizations that might pay a ransom. After all, if you remove the incentive to deploy ransomware, hackers will (theoretically) stop deploying ransomware.
Microsoft also says that combating a rapidly changing security environment is a societal challenge because the economic, government and social systems we rely on are at serious risk. The goal is deterrence, with governments denouncing nation-state attacks and applying sanctions, providing real consequences for hostile nations.
