
Jakob Türk, 20 Oct 2021

Microsoft Digital Defense Report

Microsoft’s Digital Defense Report for 2021 summarizes observations made over the past year, including the many ways the pandemic has affected the cybersecurity climate. It goes in depth on practical methods that can be adopted into company policy, while keeping the material at an approachable and understandable level.

The current cybercrime ecosystem includes an enterprise-like structure for selling and distributing hacking tools. Anonymous, easy-to-access services such as RDP and SSH access and proxies are available at a cost that is staggeringly low compared to the damage they can cause. Consequently, even low-skill attackers can emulate highly sophisticated attacks – they need only point the tool at their target.

As one might have expected, cybercrime and cybersecurity were not left unaffected by the global pandemic. Not only did phishing emails and emails carrying malicious attachments increase steadily, but IoT security became even more of a weak point for companies’ digital security. With many enterprises forced to roll out work-from-home solutions, existing security risks were exacerbated. Remote Desktop services were deployed on servers exposed directly to the Internet, with nothing more than a simple password login to authenticate users, and Shodan scans followed by brute-force attacks against RDP became increasingly popular. Home networks had always been a security risk, but with orders of magnitude more users working from home, that risk grew dramatically. Any device on a user’s home network could become a point of initial access for attackers, and while securing a company network is challenging, ensuring complete IoT security across all users’ homes is nigh impossible.

Changes in methods and targets of nation state actors from countries such as Russia and China were also observed. Overall, nation state actors focused more on espionage, but some switched their attention to targeting critical infrastructure.

It’s easy to get into the mindset of imagining any attacker as being highly determined, sophisticated, and resourceful, and that they will inevitably gain access no matter what actions the company takes. However, Microsoft suggests basic and approachable methods to maintain cyber hygiene, focusing on the fact that 98% of attacks can be prevented with simple policy implementations. Examples include introducing an MFA policy, using the principle of least privilege, defense-in-depth, and zero-trust policies.

On a final note, anyone implementing these cybersecurity measures must always remember that they affect people. A user most likely did not want to click that phishing link or download that malicious file. Being hit by ransomware, especially if the attacker pivoted through their home network, is a stressful experience. Don’t berate users for weak passwords or poor security practices – educate them.


The video gives a rough outline of the content of each chapter, focusing on Microsoft’s perspective as well as their recommendations for mitigation and proactive defense. If you want to read the full report, you can find it here.