2023 Microsoft Digital Defense Report: A Quick Summary
2024-06-28 13:38:38

Overview

The report provides insights into the evolving cyber threat landscape, highlighting key developments in cybercrime, nation-state threats, critical challenges, and security innovations.

Key Developments

  • Cybercriminals are using the cybercrime-as-a-service model to launch attacks like phishing, ransomware, and business email compromise at scale. They are bypassing security measures with greater sophistication.

  • Nation-states focused more on cyber espionage than on destructive attacks. Chinese and Iranian groups enhanced capabilities, while North Korea conducted its first observed supply chain attack.

  • Attacks on IT/OT intersections increased, with 25% of OT devices using unsupported systems. 15 new vulnerabilities were found in CODESYS software used across critical infrastructure.

  • AI and machine learning provide new opportunities to automate security and augment human capabilities, but also introduce new potential risks that must be addressed.

Key stats

  • Human-operated ransomware attacks increased over 200% since September 2022.

  • 70% of ransomware victims had fewer than 500 employees.

  • Potential exfiltration doubled since November 2022.

  • Business email compromise attempts reached 156,000 per day.

  • Password spray attacks grew from 3 billion to over 30 billion monthly.

  • AI can help automate threat intel, response, monitoring, testing, education, and governance.

Key takeaways

  • Adopt cyber hygiene basics - MFA, patching, least privilege access, backups.

  • Prioritize identity protection and implement phishing-resistant authentication.

  • Increase focus on supply chain risks and security of unmanaged devices.

  • Leverage AI safely and responsibly to enhance security.

  • Collaborate across sectors to share intelligence, take legal/technical action, and boost collective resilience.

Summary

The report highlights the increasing scale and sophistication of cyber threats, while emphasizing opportunities to innovate, strengthen defenses, and work together to create a safer online ecosystem. Adopting both technological and policy solutions will be key.

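References and Notes

If you're interested, feel free to download the full English version here and give it a read!
(This post is purely a keepsake, and also a test of Claude's capabilities.)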