Earlier this year Microsoft shifted to a new threat actor taxonomy, roughly patterned on (bad) weather systems. These threat actors were categorized into five groups:
- Nation-state actors: cyber operators acting on behalf of or directed by a nation/state-aligned program, irrespective of whether for espionage, financial gain, or retribution.
- Financially motivated actors: cyber campaigns/groups directed by a criminal organization/person with motivations of financial gain.
- Private sector offensive actors (PSOAs): cyber activity led by commercial actors that are known, legitimate legal entities that create and sell cyber-weapons.
- Influence operations: information campaigns communicated online or offline in a manipulative fashion to shift perceptions, behaviours, or decisions of their target audience.
The fifth group is “Development”, referring to the current status of Microsoft's investigation. The thinking is that these “undetermined” groups will eventually fall into one of the other four categories.
Microsoft has provided a handy infographic to detail their latest threat descriptions.
It appears that this intensive security work has continued, as Microsoft has just announced the Secure Future Initiative (SFI). Brad Smith (the top legal guy at Microsoft) describes this internal Microsoft effort as follows:
“This new initiative will bring together every part of Microsoft to advance cybersecurity protection. It will have three pillars, focused on AI-based cyber defenses, advances in fundamental software engineering, and advocacy for stronger application of international norms to protect civilians from cyber threats.”
This initiative is built on several engineering pillars, most notably the Security Development Lifecycle (SDL). The SDL is a twelve-step process that begins with training, covers design and architecture, and finishes with a full incident response team.
As part of the SFI effort, there are now three new core priorities:
- Transform Microsoft security efforts with AI (particularly Copilot) and multi-factor authentication (MFA).
- Increase and strengthen identity protection (Microsoft Entra and passkeys).
- Faster response on patches and updates to Microsoft Azure.
Trustworthy Computing started about twenty years ago (by Bill Gates) and has seen several major changes (look what happened with Windows XP). I am excited to see Microsoft adopt this approach, and especially with their focus on updates and patches I would like to see:
- Greater focus on open-source dependencies.
- Faster patching of cloud-based platforms (Azure, but also VMs, databases and networking infrastructure).
- Inclusive patching and update architecture/infrastructure for 3rd-party applications.
Readiness will be working closely with the Microsoft engineering teams on these areas and we look forward to the next “update” (sorry about the pun) in this exciting area.