Join Earl Duby in this latest episode of “Big Reports in Five Minutes” as he summarizes the 2024 Microsoft Digital Defense Report. In this review, he discusses five key points:
- Microsoft’s significant security investments.
- Evolving tactics of phishing with QR codes.
- The role of AI in global cyber warfare.
- The volume of data that Microsoft sees on a daily basis.
- The effects of politics on cybersecurity.
Whether you’re a cybersecurity professional or just want to stay informed, this breaks down current and emerging threats in the digital landscape.
Link to full report: https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024
Transcript:
(0:13) Hey, welcome back. (0:15) It’s been a while since we did a Big Reports in Five Minutes, but I’m excited to be back (0:19) here and I have a great report to go over with you today. (0:23) This is the 2024 version of the Microsoft Digital Defense Report.
(0:29) So this is, I think their fifth, fifth edition of this report, just a little warning ahead (0:34) of time, if you do want to read this report, it is very dense. (0:37) There is a lot of words in here, not a lot of pictures. (0:42) So if that frightens you, you might want to just listen to this Big Reports in Five Minutes (0:46) and call it a day.
(0:49) So I’m going to go through five points in five minutes. (0:53) So the first thing I want to talk about is just like this massive investment that Microsoft (0:57) is making into security. (0:59) And you can see in this graphic here, they, they purport to have 34,000 dedicated security (1:08) engineers.
(1:09) Like that is just a phenomenal number to me. (1:11) So one company has 34,000 dedicated security engineers because their CEO is recommitting (1:20) Microsoft to security. (1:22) So this sounds like something that Bill Gates did about 20 years ago when he did a big investment (1:26) in security.
(1:27) Now they’re trying to get again, and they’ve dedicated a lot of money and a lot of resources (1:32) to this. (1:32) So hopefully that works out for them inside this report. (1:37) There is this pretty cool graphic here that talks about, or it shows the, the number of (1:43) attacks that Iran did against Israel before October of 2023, which was about 10%.
(1:52) And then what that looks like after October, 2023, where it went up to about 50% of the (1:58) Iranian attacks were targeted towards Israel. (2:01) So it’s just another picture of how politics and cybersecurity, cyber attacks are all fusing (2:08) together. (2:10) And, you know, it really makes the question about what exactly is cyber war kind of come (2:14) to the forefront when you see pictures like this, when you can see that political motives (2:19) are being accentuated with cyber attacks.
(2:23) The next point I want to talk about real quick is just the, the phishing emails and the analysis (2:28) that Microsoft has done looking at their platform and looking at partner reports and all the (2:35) data that they’re getting. (2:36) But the interesting thing is, you know, we all understand that phishing emails typically (2:42) include a link or an attachment, it’s either a malicious link to a website that’s trying (2:47) to collect your credentials, or there’s an attachment of like a poisoned PDF file or (2:54) a malicious exe file or something. (2:57) This picture here shows that the new trend is now to put QR codes into phishing emails.
(3:04) And this, this is causing problems in a couple different ways. (3:09) You know, one is typically we inform users to like hover over links to see where it’s (3:14) really going. (3:14) That doesn’t work with QR codes.
(3:17) So QR codes are really obscure in the fact that there’s really not a good way that we (3:22) can teach people to figure out if it’s a good code or not. (3:27) So this, this attack vector rising to 25% of all phishing emails is a little concerning (3:34) and just something to keep your eye on. (3:36) And a lot of the phishing tools, I’m sure they’ll catch up, but you know, this is getting (3:40) through because it can’t really detonate these things in the way that it does with (3:46) attachments and links.
(3:48) So just be aware of the fact that QR codes are rising in prevalence in phishing emails. (3:54) This next graphic is an interesting discussion around artificial intelligence because (4:01) obviously no security report is complete without a discussion about artificial intelligence. (4:05) So this just shows how our main adversaries, China, Russia, and Iran are using AI driven (4:12) content to drive discourse and dissent here in the U.S., whether it’s by, you know, talking (4:20) about, you know, imprisoning students or having deep faked Elon Musk audio on top of some (4:31) discerning or kind of concerning content or just, you know, Iran kind of, you can see (4:37) over there in the last part, Iran tries to do, you know, artificial intelligence, but (4:43) they clearly are not to the level that China and Russia are yet, but they’re still trying.
(4:47) So just be aware of the fact that there is still a lot of artificial intelligence that (4:52) we got to get our arms wrapped around from a security perspective. (4:56) And then the final point, you know, I talked about the 34,000 security engineers, but this (5:04) was just an astounding number to me. (5:07) So Microsoft claims that they process 78 trillion security signals per day.
(5:14) And a security signal comes from endpoints, cloud, you know, email, whatever. (5:20) It’s a, it’s a point, a data point that’s coming from these various sources, 78 trillion (5:27) of these per day, which is up 13 trillion from last year. (5:32) These are just totally amazing numbers to me.
(5:35) So anyways, it’s a dense report. (5:38) It’s got some good information in it, lots of words. (5:41) So you can either take my word for it and take those five points and, you know, do (5:46) something with them or you can read the report yourself.
(5:48) But in either event, just realize that the digital world is changing out there. (5:54) It’s challenging. (5:56) So be safe and we’ll talk to you next time.