Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label AI in cybersecurity. Show all posts
ransomware attacks
AI in cybersecurity Cyber Attacks Cyber Extortion Microsoft Digital Defense Report nation-state hackers ransomware attacks

Microsoft Warns: Over Half of Cyberattacks Driven by Extortion and Ransomware, Legacy Security Failing to Keep Up

 


More than 50% of cyberattacks are now motivated by extortion and ransomware, according to Microsoft’s latest Digital Defense Report. The tech giant revealed that outdated security systems are no longer capable of defending against today’s evolving cyber threats.

In its sixth annual report, Microsoft highlighted that around 80% of the cyber incidents its security teams investigated last year were financially motivated.

"That’s at least 52% of incidents fueled by financial gain, while attacks focused solely on espionage made up just 4%," said Amy Hogan-Burney, CVP for Customer Security and Trust at Microsoft.

She added, "Nation-state threats remain a serious and persistent threat, but most of the immediate attacks organizations face today come from opportunistic criminals looking to make a profit."

The report noted that critical public sectors, including hospitals and local governments, are prime targets. These institutions often handle highly sensitive information but operate with limited cybersecurity resources and response capabilities. In many cases, healthcare and other essential services are more likely to pay ransoms due to the critical nature of their operations.

Although nation-state-driven attacks account for a smaller share of total incidents, their volume is steadily increasing. Microsoft’s findings show that China continues its aggressive campaigns across industries to steal sensitive data, using covert systems and exploiting internet vulnerabilities to avoid detection.

Iran has widened its scope, targeting sectors from the Middle East to North America, including shipping and logistics companies in Europe and the Persian Gulf to gain access to valuable commercial data.

Meanwhile, Russia has extended its operations beyond Ukraine, focusing on small businesses in pro-Ukraine countries, perceiving them as softer targets compared to larger corporations.

Microsoft also identified North Korea as a major concern for both espionage and revenue-driven cyber operations. Thousands of North Korean IT workers are reportedly employed remotely by global companies, funneling their salaries back to the regime. When exposed, some of these operatives have shifted to extortion tactics.

"The cyber threats posed by nation-states are becoming more expansive and unpredictable," Hogan-Burney warned. "In addition, the shift by at least some nation-state actors to further leveraging the cybercriminal ecosystem will make attribution even more complicated."

She stressed the importance of collaboration: "This underscores the need for organizations to stay abreast of the threats to their industries and work with both industry peers and governments to confront the threats posed by nation-state actors."

Microsoft’s report also underscored how artificial intelligence and automation have empowered cybercriminals, even those with minimal expertise, to execute more complex attacks. AI tools are being used to develop malware faster, generate convincing fake content, and enhance phishing and ransomware campaigns.

More than 97% of identity attacks are now password-related, with a 32% surge in the first half of 2025 alone. Attackers commonly exploit leaked credentials and use large-scale password guessing.

"However, credential leaks aren’t the only place where attackers can obtain credentials," Hogan-Burney explained. "This year, we saw a surge in the use of infostealer malware by cyber criminals. Infostealers can secretly gather credentials and information about your online accounts, like browser session tokens, at scale."

She added, "Cyber criminals can then buy this stolen information on cyber crime forums, making it easy for anyone to access accounts for purposes such as the delivery of ransomware."

The report concludes by urging governments to establish stronger frameworks to ensure credible consequences for cyber activities that breach international laws and norms.


Read more »
Vulnerability management
AI in cybersecurity Artificial Intelligence cybersecurity automation preemptive exposure management Vulnerability management

From Vulnerability Management to Preemptive Exposure Management

 

The traditional model of vulnerability management—“scan, wait, patch”—was built for an earlier era, but today’s attackers operate at machine speed, exploiting weaknesses within hours of disclosure through automation and AI-driven reconnaissance. The challenge is no longer about identifying vulnerabilities but fixing them quickly enough to stay ahead. While organizations discover thousands of exposures every month, only a fraction are remediated before adversaries take advantage.

Roi Cohen, co-founder and CEO of Vicarius, describes the answer as “preemptive exposure management,” a strategy that anticipates and neutralizes threats before they can be weaponized. “Preemptive exposure management shifts the model entirely,” he explains. “It means anticipating and neutralizing threats before they’re weaponized, not waiting for a CVE to be exploited before taking action.” This proactive model requires continuous visibility of assets, contextual scoring to highlight the most critical risks, and automation that compresses remediation timelines from weeks to minutes.

Michelle Abraham, research director for security and trust at IDC, notes the urgency of this shift. “Proactive security seems to have taken a back seat to reactive security at many organizations. IDC research highlights that few organizations track all their IT assets which is the critical first step towards visibility of the full digital estate. Once assets and exposures are identified, security teams are often overwhelmed by the volume of findings, underscoring the need for risk-based prioritization,” she says. Traditional severity scores such as CVSS do not account for real-world exploitability or the value of affected systems, which means organizations often miss what matters most. Cohen stresses that blending exploit intelligence, asset criticality, and business impact is essential to distinguish noise from genuine risk.

Abraham further points out that less than half of organizations currently use exposure prioritization algorithms, and siloed operations between security and IT create costly delays. “By integrating visibility, prioritization and remediation, organizations can streamline processes, reduce patching delays and fortify their defenses against evolving threats,” she explains.

Artificial intelligence adds another layer of complexity. Attackers are already using AI to scale phishing campaigns, evolve malware, and rapidly identify weaknesses, but defenders can also leverage AI to automate detection, intelligently prioritize threats, and generate remediation playbooks in real time. Cohen highlights its importance: “In a threat landscape that moves faster than any analyst can, remediation has to be autonomous, contextual and immediate and that’s what preemptive strategy delivers.”

Not everyone, however, is convinced. Richard Stiennon, chief research analyst at IT-Harvest, takes a more skeptical stance: “Most organizations have mature vulnerability management programs that have identified problems in critical systems that are years old. There is always some reason not to patch or otherwise fix a vulnerability. Sprinkling AI pixie dust on the problem will not make it go away. Even the best AI vulnerability discovery and remediation solution cannot overcome corporate lethargy.” His concerns highlight that culture and organizational behavior remain as critical as the technology itself.

Even with automation, trust issues persist. A single poorly executed patch can disrupt mission-critical operations, leading experts to recommend gradual adoption. Much like onboarding a new team member, automation should begin with low-risk actions, operate with guardrails, and build confidence over time as results prove consistent and reliable. Lawrence Pingree of Dispersive emphasizes prevention: “We have to be more preemptive in all activities, this even means the way that vendors build their backend signatures and systems to deliver prevention. Detection and response is failing us and we're being shot behind the line.”

Regulatory expectations are also evolving. Frameworks such as NIST CSF 2.0 and ISO 27001 increasingly measure how quickly vulnerabilities are remediated, not just whether they are logged. Compliance is becoming less about checklists and more about demonstrating speed and effectiveness with evidence to support it.

Experts broadly agree on what needs to change: unify detection, prioritization, and remediation workflows; automate obvious fixes while maintaining safeguards; prioritize vulnerabilities based on exploitability, asset value, and business impact; and apply runtime protections to reduce exposure during patching delays. Cohen sums it up directly: security teams don’t need to find more vulnerabilities—they need to shorten the gap between detection and mitigation. With attackers accelerating at machine speed, the only sustainable path forward is a preemptive strategy that blends automation, context, and human judgment.
Read more »
Subscribe to: Comments (Atom)