Microsoft Digital Defense Report 2021

The year 2021 brought powerful reminders that to protect the future we must understand the threats of the present. This requires that we continually share data and insights in new ways. Certain types of attacks have escalated as cybercriminals change tactics, leveraging current events to take advantage of vulnerable targets and advance their activity through new channels. Change brings opportunity—for both attackers and defenders—and this report focuses on the threats that are most novel and relevant to the community.

Looking at the threat landscape, along with data and signals from cross-company teams, five top-level areas emerged as most critical to bring into the sharpest focus in this report: the state of cybercrime; nation state threats; supplier ecosystems, Internet of Things (IoT), and operational technology (OT) security; the hybrid workforce; and disinformation.

The state of cybercrime

In this chapter, we discuss new developments in the cybercrime economy and the growing market for cybercrime services. We provide updates and analysis of what we are seeing in ransomware and extortion, phishing and other malicious email, malware, and the use of domains by cybercriminals, presenting recommendations for mitigating risk in each area. Finally, we share what we’re seeing in adversarial machine learning and what we are doing to stay ahead of cybercriminals in this area.

Nation state threats

This chapter provides an update on what we’re seeing in nation state adversarial activity, including reports on seven activity groups we have not previously mentioned publicly. We provide an analysis of the evolving threats in this watershed year with an increased focus on on-premises servers and the exposure of widespread supply chain vulnerabilities. We conclude with a discussion about private sector offensive actors and our guidance for comprehensive protections.

Supply chain, IoT, and OT security

The highly publicized events of the last year have made clear that securing and managing risks associated with supplier ecosystems is critically important. This chapter covers some current challenges in doing so in the supplier ecosystem and presents how Microsoft thinks about end-to-end supply chain security in nine investment areas. Then we turn our discussion to what we’re seeing in the Internet of Things (IoT) and operational technology (OT) threat landscape, with guidance on the properties of highly secured devices. We include specialized use cases of IoT and present some new research informing IoT policy considerations.

Hybrid workforce security

This chapter is about our greatest asset, our people. As we have moved to a hybrid workforce over the past year, we’ve seen developments in the threat landscape which point to the importance of adopting a Zero Trust approach. We include threat signals and other data across the six pillars of Zero Trust—identities, endpoints, applications, network, infrastructure, and data—and provide guidance based on what we’re seeing. We conclude with discussions about insider threats in hybrid work environments, and an empathy imperative for managing the new and significant challenges encountered by today’s workforce.

Disinformation

This chapter addresses the unprecedented disinformation campaigns and related cyber operations by state and non-state actors, impacting public awareness and knowledge as well as enterprise operations. We look at some parallels in cybersecurity and discuss mitigation through media literacy. We include a discussion on disinformation as an enterprise disruptor, providing a four-point plan for enterprise executives. The chapter concludes with an in-depth exploration of political campaign security and election integrity, two areas that have been targeted by disinformation campaigns.