Tackling Cyber Influence Operations: Exploring the Microsoft Digital Defense Report

Microsoft’s Digital Defense Report helps organizations understand their most pressing cyber threats and strengthen their cyber defenses. This article breaks down the report’s coverage of cyber influence operations.

istock 878489396

By Microsoft Security

Each year, Microsoft uses intelligence gained from trillions of daily security signals to create the Microsoft Digital Defense Report. Organizations can use this tool to understand their most pressing cyber threats and strengthen their cyber defenses to withstand an evolving digital threat landscape.

Comprised of security data from organizations and consumers across the cloud, endpoints, and the intelligent edge, the Microsoft Digital Defense Report covers key insights across cybercrime, nation-state threats, devices and infrastructure, cyber-influence operations, and cyber resiliency. Keep reading to explore section four of the report: cyber-influence operations.

Cyber influence operations perpetuate fraud and erode trust

Democracy needs trustworthy information to flourish. However, nation-states are increasingly using sophisticated influence operations to distribute propaganda and impact public opinion on domestic and international levels. These campaigns erode trust, increase polarization, and threaten democratic processes. In the US, for example, only 7% of adults have “a great deal” of trust and confidence in newspapers, television, and radio news reporting, while 34% report having “none at all.”

Foreign cyber influence operations typically have three stages to promote public mistrust. First, there is the pre-position stage in which foreign cyber influence operations will pre-position false narratives in the public domain on the internet. This false information is often extremely compelling. One study from the Massachusetts Institute of Technology (MIT) study found that falsehoods are 70% more likely to be retweeted than the truth, and they reach the first 1,500 people six times faster.

Next, we see the launch stage. Here, a coordinated campaign is launched to propagate narratives through government-backed and influenced media outlets and social media channels.

Finally, there is the amplification stage in which nation-state-controlled media and proxies amplify narratives inside targeted audiences. Unfortunately, tech enablement tools can often unknowingly extend these narratives’ reach. For example, online advertising can help finance activities and coordinated content delivery systems can flood search engines.

AI enables hyper-realistic media creation and manipulation

At the same time, we are entering a golden era for AI-enabled media creation and manipulation. This trend is driven in part by the proliferation of tools and services for artificially creating highly realistic synthetic content. We’re also seeing threat actors capitalize on the ability to quickly disseminate content that is optimized for specific audiences.

The term deepfake is often used to describe synthetic media that has been created using cutting-edge AI techniques. These technologies are being developed as standalone apps, tools, and services and integrated into established commercial and open-source editing tools. Since 2019, there has been a 900% year-over-year increase in the proliferation of deepfakes. When consumers can no longer trust what they see or hear, this poses a serious threat to our collective understanding of the truth.

While this technology isn’t inherently problematic, synthetic media can do serious damage to individuals, companies, institutions, and society when created and distributed with the intent to harm.

Government and academic organizations are working hard to develop better ways to identify and mitigate synthetic media, but many current detection methods are unreliable.

Public and private sectors must coordinate defensive strategies

Globally, more than three-quarters of people worry about how information is being weaponized. The rapidly changing nature of the information ecosystem, coupled with nation-state influence operations, requires coordinated responses from public and private sector entities. More information sharing is needed to increase the transparency of these influence campaigns and to expose and disrupt their goals.

We recommend dividing your response and mitigation strategies into four key pillars: detect, disrupt, defend, and deter. First, organizations must counter foreign cyber influence operations by developing the capacity to detect them. The next priority is to shore up democratic defenses while also accounting for the challenges and opportunities technology has created to defend democratic societies more effectively. Third, organizations can counter a broad range of cyber attacks by leveraging active disruption techniques. And finally, nations will never change their behavior if there is no accountability for violating international rules. So civil societies must come together to align on deterrence strategies and appropriate consequences for violating these guidelines.

Download the full Microsoft Digital Defense Report for a closer look at today’s cyber threat landscape and for even more details, check out our recent webinar, “Build cyber resilience by leveraging Microsoft experts' digital defense learnings.”

Explore more threat intelligence insights on Microsoft Security Insider.


Copyright © 2023 IDG Communications, Inc.