Microsoft Digital Defense Report OCTOBER 2021 2TOC INTRODUCTION THE STATE OF CYBERCRIME NATION STATE THREATS SUPPLY CHAIN, IOT, AND OT SECURITY HYBRID WORKFORCE SECURITY DISINFORMATION ACTIONABLE INSIGHTS TEAMS Microsoft Digital Defense Report | October 2021 CHAPTER 1 Introduction 3 Introduction 5 Our 2021 focus areas CHAPTER 2 The state of cybercrime 8 Introduction 8 The cybercrime economy and services 10 Ransomware and extortion 20 Phishing and other malicious email 34 Malware 38 Malicious domains 42 Adversarial machine learning CHAPTER 3 Nation state threats 48 Introduction 49 Tracking nation state threats 52 What we’re seeing 57 Analysis of nation state activity this year 69 Private sector offensive actors 69 Comprehensive protections requiredCHAPTER 4 Supply chain, IoT, and OT security 71 Introduction 72 Challenges in managing risk associated with the supplier ecosystem 73 How Microsoft thinks about supply chain 76 IoT and OT threat landscape 81 The 7 properties of highly secured devices 82 Applying a Zero Trust approach to IoT solutions 83 IoT at the intersection of cybersecurity and sustainability 84 IoT security policy considerations CHAPTER 5 Hybrid workforce security 89 Introduction 91 A Zero Trust approach for securing hybrid work 93 Identities 98 Devices/Endpoints 99 Applications 100 Network 104 Infrastructure 105 Data 106 People CHAPTER 6 Disinformation 110 Introduction 111 Disinformation as an emerging threat 113 Mitigation through media literacy 114 Disinformation as an enterprise disruptor 117 Campaign security and election integrity CHAPTER 7 Actionable insights 122 Introduction 123 Summary of report learnings 128 Conclusion Contributing teams at Microsoft3TOC INTRODUCTION THE STATE OF CYBERCRIME NATION STATE THREATS SUPPLY CHAIN, IOT, AND OT SECURITY HYBRID WORKFORCE SECURITY DISINFORMATION ACTIONABLE INSIGHTS TEAMS Introduction Our 2021 focus areas Microsoft Digital Defense Report | October 2021 Introduction TOM BURT, CORPORATE VICE PRESIDENT, CUSTOMER SECURITY & TRUST Over the past year the world has borne witness to a burgeoning cybercrime economy and the rapid rise of cybercrime services. We have watched this global market grow in both complexity and fervency. We’ve seen the cyberattack landscape becoming increasingly sophisticated as cybercriminals continue—and even escalate—their activity in times of crisis. New levels of supply chain and ransomware attacks were a powerful reminder that we must all work together, and in new ways, to protect the cybersecurity of the planet. We see transparency and information sharing as essential to the protection of the ecosystem. Knowledge brings power, and to that end, security professionals need diverse and timely insights into the threats they are defending against. Microsoft serves billions of customers globally, allowing us to aggregate security data from a broad and diverse spectrum of companies, organizations, and consumers. Informed by over 24 trillion security signals per day, our unique position helps us generate a high-fidelity picture of the current state of cybersecurity, including indicators that help us predict what attackers will do next. Our goal in creating the Microsoft Digital Defense Report is to bring together integrated data and insights from more teams, across more areas of Microsoft than ever before. We will share what we’re seeing to help the global community strengthen the defense of the digital ecosystem, and we will include actionable learnings that companies, governments, and consumers can use to further secure individuals and environments. The Microsoft Digital Defense Report draws on insights, data, and signals from across Microsoft, including the cloud, endpoints, and the intelligent edge. 1 Thousands of Microsoft security experts across 77 countries interpret and contribute to the insights gained from our advance