Microsoft make cybercriminals see red

Johannesburg, 10 Oct 2018
Cybercriminals see red as Microsoft hacks for good.

Businesses in South Africa are falling victim to repeated ransomware attacks, with more than half of them hit by ransomware in 2017.

Further north, Kenya has been targeted by hackers in several major attacks over the past couple of years.

These were two of the findings of a survey by Sophos that also revealed that hackers are increasingly taking advantage of "low-hanging fruit" as the cost of circumventing security measures goes up.

In addition, the survey found that botnets continue to impact millions of computers globally, infecting them with old and new forms of malware, while ransomware continues to be a popular method used by cyber criminals to solicit and, in several cases, successfully obtain money from victims.

"We continue to see high profile cyber attacks land in the headlines around the world," says David Weston, principal security group manager at Microsoft, who leads the Device Security and Offensive Security Research team, also known as the Red Team.

Weston adds that cryptocurrency mining, ransomware and other scareware are reaching new levels of sophistication.

Despite the continuous cyber security threats, only 33% of organisations have a cyber-incident response plan in place, and most companies are still not adequately prepared for, or do not even understand, the risks they face.

Who is the Red Team?

It is for this reason that Microsoft says it is committed to helping businesses secure their environment and protect their customers. One way the company is working to achieve this is through its Red Team, led by Weston, who is visiting the Middle East this month.

"The Red Team operates like the world's most sophisticated attackers: Gathering intelligence about their target, finding strings of vulnerabilities and then building the most refined exploits," explains Weston. "Once their attack is complete, they work with their colleagues to identify and build disruptors to block the attack."

The idea came about when Weston was at a hacking competition known as Pwn2Own, and noticed the pattern of many companies, including Microsoft, whereby they released software to the public and then hackers would attack. The so-called "white hats" would tell these companies about the vulnerabilities they found, but the "black hats" found and exploited these vulnerabilities themselves.

Weston says, "I knew we needed to be more aggressive in our approach, so I devised a plan: Disrupt this cycle by creating a team of internal hackers at Microsoft who would mimic the tactics and techniques of the most advanced hackers. Their goal would be to attack Windows 10 and its apps to make them better, to find and fix the toughest vulnerabilities before the bad guys."

The Red Team's advanced threat protections identify nearly a billion threats per day across endpoints. This helps Microsoft stay ahead of the game as hackers become increasingly sophisticated.

The impact of AI and cloud on cybersecurity

Weston also highlights the impact of artificial intelligence (AI) on security.

"AI is filling critical gaps in cybersecurity," he explains. "It will continue to advance cyber security; improve efficacy, detection and response; and bring us closer to being truly predictive and preventing attacks before they even occur."

However, cyber criminals will continue to advance and adapt, just as the industry continues to advance and adapt. It's for this reason businesses are being urged to move to the cloud, adopt modern platforms, and embrace comprehensive identity, security and management solutions.

"Most businesses aren't as prepared as they could be. We can all do better, and that's why we believe cloud is a security imperative to secure today's modern workplace," says Weston.

The Red Team is making inroads to ensure Microsoft software is as secure as possible for its customers. However, businesses in the Middle East and Africa that are embracing digital transformation to remain relevant in their markets should prioritise four key initiatives to ensure they are secure: implementing cyber resilience strategies; developing cyber security skills; protecting data privacy; and integrating cyber risk.

"At Microsoft, we recommend that everyone must be proactive in their cyber security efforts. Better protection equals better prevention, detection and remediation," says Weston.

Watch to see how Microsoft's Red Team is making cyber criminals see red.
