Microsoft Digital Defense Report: Poland one of the three most threatened countries in Europe

From the latest edition of the Microsoft Digital Defense report, we learn that:

The number of anomaly signals analyzed by Microsoft from the cloud, software, workstations and partner ecosystem has increased from 65 to 78 trillion per day.
Customers face more than 600 million attacks every day aimed at phishing, identity theft or ransomware extortion.
Microsoft keeps an eye on more than 1,500 cybercrime groups, including 600 sponsored by hostile states and 200 carrying out disinformation operations.

Growing scale of threats

Microsoft's Digital Defense Report indicates that the most prevalent techniques currently used by cybercriminals are social engineering - particularly phishing - as well as identity breaches and exploiting vulnerabilities in public applications or unpatched operating systems. Once criminals get into an attacked network, they are usually active in it for less than 2 hours, meaning they manage to get out of it before they are detected. The last 12 months have also seen a 2.75-fold increase in the number of ransomware attacks. Importantly, however, there has been a threefold decrease in the number of ransomware attacks that have reached the stage of encrypting data.

Cybercrime today has reached such a scale that it can be described as the world's third largest economy, after the United States and China, these were the words spoken at the World Economic Forum. And they are fully justified, as Cybersecurity Ventures predicts that the global cost of cybercrime will grow by 15 percent per year over the next five years, reaching $10.5 trillion per year by 2025. The current situation requires government, business and society to strengthen resilience to cyber threats. This requires experts, knowledge and technology, as well as ongoing training of new cyber security professionals to close the skills gap. Cyber security is a team game. And now that team is strengthened by AI,” pointed out Krzysztof Malesa, director of security strategy at Microsoft.

Cybercriminals are not bypassing our region. The Microsoft Digital Defense Report states that after Ukraine and the UK, Poland is the third most attacked country in Europe. Most of the threats come from Russia, which uses cyberespionage as an element of hybrid warfare. Today, for any organization representing virtually any industry, cyber security is a pillar of the company's operations and part of its growth strategy.

“Security at mBank is embedded in our group strategy as one of the pillars. It is important to emphasize that it is above all the culture of caring for common security that we have built over the years that has made security our DNA. Investments in safe infrastructure using the latest technologies, periodic and thematic safety training for employees in the form of a program rather than a one-time general training, ongoing advertising campaigns on TV, radio, the Internet, up to the production of our own Jazgot podcast, have positioned our brand as one that is primarily associated with safety. The rapidly changing reality in which we live, including the war across the eastern border, cybercriminals acting as professionally organized criminal groups, force us to constantly improve. Today, to effectively defend against attacks, one cannot act alone. The latest technologies available and the multitude of security tools on the market, must go hand in hand with cooperation at the sectoral level, among others, and together with the best technology companies to quickly exchange knowledge of the changing threats in the cyberspace. Financial institutions, especially banks, must ensure the highest level of trust among the public, because we are responsible for one of the most precious things in life - the safety of the funds entrusted to us by our customers. In the daily rush, it's worth trying to keep a so-called cool head, especially in stressful situations, such as an unexpected phone call from a supposed bank informing us that we've just been robbed, and the caller wants to help us - just such a simple action can keep us from potentially becoming the next victim,” says Maciej Pyśka, senior manager of the cyber security architecture team at mBank.

Cybercrime supports armed conflict

Once again, cybercriminals affiliated with nation-states have demonstrated that cyber operations - whether espionage, destructive or influential - play an ongoing supporting role in broader geopolitical conflicts. State actors recruit cyber criminals, and use the same methods and tools as them to obtain financial benefits or gather intelligence, particularly on the Ukrainian military.

Over the past 12 months, the activities of state-sponsored actors have been heavily concentrated around sites of active armed conflict or regional tensions. Outside of the United States and the United Kingdom, most of the observed activities of nation-state-linked criminal groups were concentrated around Israel, Ukraine, the United Arab Emirates and Taiwan. About 75 percent of Russian targets were in Ukraine or NATO member states. This is due to Moscow's efforts to gather intelligence on Western policy toward the war. In addition, Iran and Russia have used both the Russian-Ukrainian war and Israel's conflict with Hamas to spread divisive and misleading messages as part of propaganda campaigns that extend their influence beyond the geographic boundaries of conflict zones, demonstrating the globalized nature of hybrid warfare.

Russia, Iran and China have been using current geopolitical issues to fuel discord over sensitive US domestic issues and undermine confidence in elections as the foundation of democracy. Microsoft analysts also reported an expected increase in the intensity of disinformation activity by groups linked to other countries just before the US presidential election.

Cybercrime and financially motivated fraud remain a constant threat.

In addition to attacks by states such as Russia, financially motivated threats and extortion are on the rise, and threat actors are effectively experimenting with generative artificial intelligence in increasingly sophisticated ways.

As early as last year, we began to see both cybercriminals and nation states experimenting with artificial intelligence. Just as artificial intelligence is increasingly being used to help humans be more efficient, cybercriminals are learning how they can use AI performance to attack in cyberspace. For influence operations, Chinese-linked entities are using AI to generate images, while Russian-linked entities are focusing on audio.

Microsoft engages 34,000 engineers in various cyber security initiatives. They protect corporate assets, customers, monitor threats and ensure that services are resilient to attacks. In addition, Microsoft works with an ecosystem of 15,000 Partners specializing in IT security. It recently announced the Secure Future Initiative, which puts security at the forefront of every step in the development and use of the company's products and services.

Training new staff is also critical. As the Cybersecurity Skills Gap Report indicates, there is a shortage of up to 4 million cybersecurity professionals worldwide.

AI will support “fusees”

Artificial intelligence also has huge applications in the fight against cybercrime. It can support defense at every stage - from anomaly detection to classification to incident handling. For example, Copilot for Security enhances the ability of analysts to catch suspicious activity, and allows them to act faster and more accurately.

“Generative artificial intelligence introduces a new stage in cyber security that can give an edge in the face of a threat. Combining generative AI with the skills of security professionals allows for a faster and more in-depth understanding of security incidents, reducing response times from days to minutes. AI streamlines the process of detecting, investigating and responding to threats, enabling security teams to learn and train in real time and freeing up the time of experienced analysts for more important tasks.” - Krzysztof Malesa adds.