In 2023, Less Than 1% of Vulnerabilities Presented Significant Threats to Businesses

Qualys has released new research from the Qualys Threat Research Unit (TRU), delving into some of the critical vulnerabilities in 2023 and their impact on organizations. 26,447 vulnerabilities were disclosed in 2023, eclipsing the total number of vulnerabilities disclosed in 2022 by over 1,500 CVEs.

“While this is alarming and continues the years-long trajectory of more vulnerabilities being found than the year before, it is important to note that not all vulnerabilities present a high risk; in fact, a small subset (less than 1%) contributes the highest risk. These particularly critical vulnerabilities have a weaponized exploit, are actively exploited by ransomware, threat actors, and malware, or have confirmed evidence of exploitation in the wild,” commented Saeed Abbasi, Product Manager – Threat Research Unit, Qualys.

The Qualys TRU analyzed the high-risk vulnerabilities to get more insights and discuss common trends. The TRU inspected which were most exploited, what attack methods and tactics were used, and what strategies could be used to fortify defences against them. Some key takeaways from the research include:

Mean Time to Exploit Availability for High-Risk Vulnerabilities in 2023
The mean time to exploit availability for vulnerabilities in 2023 stands at 44 days (about one and a half months). However, this average masks the urgency of the situation: in numerous instances, working exploits were available on the very day the vulnerability was published. This immediacy represents a shift in the modus operandi of attackers, highlighting their growing efficiency and the ever-shrinking window in which defenders can respond.

One-Third of High-Risk Vulnerabilities Found in Network Infrastructure & Web Applications
A substantial 32.5% of the 206 identified vulnerabilities reside within the networking infrastructure or web application domains — sectors traditionally difficult to safeguard through conventional means.

More Than 50 Percent of High-Risk Vulnerabilities Exploited by Threat Actors & Ransomware Groups
Of the 206 high-risk vulnerabilities Qualys tracked, more than 50 per cent were leveraged by threat actors, ransomware, or malware to compromise systems. 115 were exploited by named threat actors; 20 were exploited by ransomware; and 15 were exploited by malware and botnets.

The vulnerabilities identified span an extensive set of systems and applications, including, but not limited to, PaperCut NG, MOVEit Transfer, various Windows operating systems, Google Chrome, Atlassian Confluence, and Apache ActiveMQ. This breadth showcases that no application is beyond the reach of attackers, who are determined to exploit any vulnerability to compromise systems. Notably, many of these vulnerabilities, such as those found in MOVEit Transfer, Windows SmartScreen, and Google Chrome, are exploitable remotely, obviating the need for physical access to the targeted system.

Most Active Threat Actors of 2023
In 2023, the cyber landscape was shaken by TA505, also known as the CL0P Ransomware Gang. This group masterminded high-profile cyberattacks by exploiting zero-day vulnerabilities in key platforms such as GoAnywhere MFT, PaperCut, MOVEit, and SysAid. Their sophisticated use of diverse malware types for information gathering and attack facilitation marked them as a significant threat. The severity of their actions prompted advisories from the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), highlighting the need for improved cybersecurity measures.

Most Active Malware of 2023
In 2023, LockBit and Clop were prominent in the ransomware arena. LockBit, using its advanced ransomware-as-a-service model, targeted a range of organizations, including in the IT and finance sectors. Clop, known for exploiting vulnerabilities, conducted extensive attacks on large enterprises, notably in the finance, IT, and healthcare sectors.

“It is evident that the rapid pace of vulnerability weaponization and the diversity of threat actors pose significant challenges for organizations globally. To accurately assess the genuine risk presented by open vulnerabilities within their organization, businesses must employ a comprehensive set of sensors, ranging from agent to network scanners to external scanners. In addition, it is imperative to thoroughly inventory all public-facing applications and remote services to ensure they are not vulnerable to high-risk vulnerabilities. Finally, I’d advise organizations to employ a multifaceted approach to the prioritization of vulnerabilities — focus on those known to be exploited in the wild (start with the CISA KEV), those with a high likelihood of exploitation (indicated by a high EPSS score), and those with weaponized exploit code available,” added Abbasi. “These recommendations will help reinforce the critical need for a robust, proactive approach to vulnerability and risk management, especially in an increasingly sophisticated and pervasive era of cyber threats.”

BeyondTrust Releases 2024 Microsoft Vulnerabilities Report

BeyondTrust, the worldwide leader in intelligent identity and access security, has announced the release of the 2024 Microsoft Vulnerabilities Report. Produced annually by BeyondTrust, this report analyzes data from security bulletins publicly issued by Microsoft throughout the previous year and provides valuable information to help organizations understand, identify, and address the risks within their Microsoft ecosystems.

Each Microsoft Security Bulletin comprises one or more vulnerabilities, which apply to one or more Microsoft products. Microsoft typically groups vulnerabilities into these main categories: Remote Code Execution (RCE), Elevation of Privilege (EoP), Information Disclosure, Denial of Service (DoS), Spoofing, Tampering, and Security Feature Bypass. This year’s edition of the report also assesses how vulnerabilities are being leveraged in identity-based attacks, spotlighting some of the most significant CVEs of 2023 (those with CVSS severity scores of 9.0 or higher).

Total and critical vulnerabilities demonstrated some of the most consistent data, year over year, since this report’s debut, a strong indicator that overall long-term security efforts are paying off. This may also reflect that attackers are increasingly re-focusing their efforts on exploiting identities, rather than Microsoft software vulnerabilities.

  1. After hitting an all-time high in 2022, total vulnerabilities continue their 4-year holding pattern near their highest-ever numbers in 2023, remaining between 1,200 and 1,300 (since 2020).
  2. Elevation of Privilege vulnerability category continues to dominate, accounting for 40% (490) of the total vulnerabilities in 2023.
  3. Denial of Service vulnerabilities climbed 51% to hit a record high of 109 in 2023, with Spoofing demonstrating a dramatic 190% increase, from 31 to 90.
  4. The total number of critical vulnerabilities continues its downward trend, but the descent is slowing: it dropped by 6% to 84 in 2023 (5 fewer than in 2022).
  5. After Microsoft Azure & Dynamics 365 vulnerabilities skyrocketed in 2022, they almost halved in 2023 – down from 114 to 63.
  6. Microsoft Edge experienced 249 vulnerabilities in 2023, only one of which was critical.
  7. There were 522 Windows vulnerabilities in 2023, 55 of which were critical.
  8. Microsoft Office experienced 62 vulnerabilities in 2023.
  9. Windows Server category had 558 vulnerabilities in 2023, 57 of which were critical.

“This report continues to highlight the need to keep improving security, not only at Microsoft but also for all organizations who are looking to better manage cyber risks in the context of an evolving threat landscape,” said James Maude, Director of Research at BeyondTrust. “This year’s report was a prime illustration of the modern identity threat landscape. The continued domination of Elevation of Privilege as the most common category of vulnerability, and the identity crisis highlighted at the end of the report, underscore the importance of privilege and the timeless security concept of least privilege. It also emboldens BeyondTrust’s mission to provide the broadest level of visibility and protection of paths to privilege.”

Despite overall stability in the Microsoft vulnerabilities data, the report’s analysis of critical vulnerabilities and novel threat tactics indicates that now is not the time to get complacent:

  1. Vulnerabilities and unpatched systems will continue to provide threat actors with a means of attack.
  2. Expanding Microsoft technologies will continue to introduce new attack surfaces.
  3. Novel vulnerabilities will continue to emerge as threat actors uncover innovative pathways through Microsoft’s systems.
  4. Investments in research and security practices will continue to shift the way threat actors gain their foothold, as it becomes easier to steal an identity to gain access than to exploit a vulnerability.

Despite predicting an increase in the volume and sophistication of identity-based attacks, this year’s report shows once again that long-standing, foundational security principles like least privilege will continue to offer the best line of defence—even against modern threats—and that the organisations that successfully pair preventative security controls with threat detection and response will continue to be much better poised to withstand tomorrow’s threats.

NetApp’s 2024 Cloud Complexity Report: Unveiling the “Disrupt or Die” Era

NetApp has released its second annual Cloud Complexity Report. The report looks at the experiences of global technology decision-makers deploying AI at scale and shows a stark contrast between AI leaders and AI laggards. This year’s report provides global insights into progress, readiness, challenges, and momentum since last year’s report, what we can learn from both the AI leaders and AI laggards, and the critical role of a unified data infrastructure in achieving AI success.

“AI is only as good as the data that fuels it,” said Pravjit Tiwana, General Manager and Senior Vice President of Cloud Storage at NetApp. “Both the AI leaders and AI laggards show us that in the prevailing hybrid IT environment, the more unified and reliable your data, the more likely your AI initiatives are to be successful.”  

The report found a clear divide between AI leaders and AI laggards across several areas including:

  1. Regions: 60% of AI-leading countries (India, Singapore, UK, USA) have AI projects up and running or in the pilot, in stark contrast to 36% in AI-lagging countries (Spain, Australia/New Zealand, Germany, Japan).
  2. Industries: Technology leads with 70% of AI projects up and running or in the pilot, while Banking & Financial Services and Manufacturing follow with 55% and 50%, respectively. However, Healthcare (38%) and Media & Entertainment (25%) are trailing.
  3. Company size: Larger companies (with more than 250 employees) are more likely to have AI projects in motion, with 62% reporting projects up and running or in the pilot, versus 36% of smaller companies (with fewer than 250 employees).

Both AI leaders and AI laggards show a difference in their approach to AI:

  1. Globally, 67% of companies in AI-leading countries report having hybrid IT environments, with India leading (70%) and Japan lagging (24%).
  2. AI leaders are also more likely to report benefits from AI, including a 50% increase in production rates, 46% in the automation of routine activities, and a 45% improvement in customer experience.

“The rise of AI is ushering in a new disrupt-or-die era,” said Gabie Boko, Chief Marketing Officer at NetApp. “Data-ready enterprises that connect and unify broad structured and unstructured data sets into an intelligent data infrastructure are best positioned to win in the age of AI.”

Despite the divide, there is notable progress among AI laggards in preparing their IT environments for AI, but the window to catch up is closing rapidly. A significant number of companies in AI-lagging countries (42%) have optimized their IT environments for AI, including Germany (67%) and Spain (59%). Companies in some AI-lagging countries already report they see the benefits of a unified data infrastructure in place, such as:

  • Easier data sharing: Spain (45%), Australia/New Zealand (43%), Germany (44%)
  • Increased visibility: Spain (54%) and Germany (46%)

Rising IT costs and ensuring data security are two of the biggest challenges in the AI era, but they will not block AI progress. Instead, AI leaders will scale back or cut other IT operations, or reallocate costs from other parts of the business, to fund AI initiatives.

  • AI leaders will also increase their cloud operations (CloudOps), data security and AI investments throughout 2024, with 40% of large companies saying AI projects have already increased IT costs.
  • Year over year, “increased cybersecurity risk” jumped 16 points as a top concern, from 45% to 61%, while all other concerns decreased.
  • To manage AI project costs, 31% of companies globally are reallocating funds from other business areas, with India (48%), the UK (40%), and the US (35%) leading this trend.

As global companies, whether AI leaders or AI laggards, increase investments, they are relying on the cloud to support their goals.

  1. Companies reported that they expect to increase AI-driven cloud deployments by 19% from 2024 to 2030.
  2. 85% of AI leaders plan to enhance their CloudOps automation over the next year.
  3. Increasing data security investments is a global priority, jumping 25% from 33% in 2023 to 58% in 2024.
Infoblox Threat Intel Exposes “Muddling Meerkat” Behind China’s Great Firewall

Published

on

Infoblox has announced that its threat intel researchers, in collaboration with external researchers, have uncovered “Muddling Meerkat,” a likely PRC state actor with the ability to control the Great Firewall (GFW) of China, a system that censors and manipulates traffic entering and exiting China’s internet. This DNS threat actor is particularly sophisticated in its ability to bypass traditional security measures: it conducts operations by creating large volumes of widely distributed DNS queries that are then propagated across the internet through open DNS resolvers. Infoblox leveraged its deep understanding of and unique access to DNS to discover this threat pre-incident, blocking its domains to keep its customers safe.

“Infoblox Threat Intel eats, sleeps, and breathes DNS data,” said Dr. Renée Burton, Vice President, Infoblox Threat Intel. “Our unrelenting focus on DNS, using cutting-edge data science and AI, has enabled our global team of threat hunters to be the first to discover Muddling Meerkat lurking in the shadows and produce critical threat intelligence for our customers. This actor’s complex operations demonstrate a strong understanding of DNS, stressing the importance of having a DNS detection and response (DNSDR) strategy in place to stop sophisticated threats like Muddling Meerkat.”

The moniker “Muddling Meerkat” was given to describe the actor as an animal that appears cute, but in reality, it can be dangerous, living in a complex network of burrows underground, and out of view. From a technical perspective, “Meerkat” references the abuse of open resolvers, particularly through the use of DNS mail exchange (MX) records. “Muddling” refers to the bewildering nature of their operations.

With a deep understanding of, and visibility into, DNS, Infoblox Threat Intel can see attacker infrastructure as it is created, stopping both known and emerging threats earlier. With 46M unique threat indicators detected in 2023 and a practically non-existent false positive rate of 0.0002%, Infoblox Threat Intel has detected 82% of threats before or at the first query so far in 2024, leveraging its patent-pending threat intelligence system along with Infoblox’s new Zero Day DNS capability.

The threat actor, Muddling Meerkat, has been operating covertly since at least October 2019. At first glance, its operations look like Slow Drip distributed denial-of-service (DDoS) attacks; however, it is unlikely that DDoS is its ultimate goal. The motivation of the actor is unknown, though it may be performing reconnaissance or prepositioning for future attacks.

Muddling Meerkat demonstrates a sophisticated understanding of DNS that is uncommon among threat actors today – clearly pointing out that DNS is a powerful weapon leveraged by adversaries.

The research further shows that their operations:

  1. Induce responses from the Great Firewall, including false MX records from the Chinese IP address space. This highlights a novel use of national infrastructure as a fundamental part of their strategy.
  2. Trigger DNS queries for MX and other record types to domains not owned by the actor but which reside under well-known top-level domains such as .com and .org. This tactic highlights the use of distraction and obfuscation techniques to hide the real intended purpose.
  3. Utilize super-aged domains, typically registered prior to the year 2000, enabling the actor to blend in with other DNS traffic and avoid detection. This further highlights the threat actor’s understanding of both DNS and existing security controls.
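The two observable traits above, bursts of MX queries against domains the organisation does not own and queries leaving through open resolvers rather than internal ones, are the kind of signals a defender can look for in passive DNS logs. The following detector is an added example, not Infoblox’s tooling or code from the report; the log format, the thresholds, the internal resolver range, and the sample lines are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real traffic). Assumed field layout:
# "<ISO timestamp> <client_ip> <server_ip> <qtype> <qname>"
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.1.5 10.0.0.53 A www.example.com
2024-03-01T10:00:01 10.0.1.6 10.0.0.53 MX example.com
2024-03-01T10:00:02 10.0.1.7 198.51.100.9 MX a1b2.victim.org
2024-03-01T10:00:03 10.0.1.8 198.51.100.9 MX c3d4.victim.org
2024-03-01T10:00:04 10.0.1.9 203.0.113.77 MX e5f6.victim.org
2024-03-01T10:00:05 10.0.1.10 203.0.113.77 MX g7h8.victim.org
2024-03-01T10:00:06 10.0.1.11 10.0.0.53 MX i9j0.victim.org
2024-03-01T10:05:00 10.0.1.5 10.0.0.53 MX example.com
"""

# Assumption: the organisation's own recursive resolvers live here; any other
# server_ip means a client is sending queries to an external (possibly open) resolver.
INTERNAL_RESOLVERS = ipaddress.ip_network("10.0.0.0/24")

def parse(line):
    ts, client, server, qtype, qname = line.split()
    return datetime.fromisoformat(ts), client, server, qtype, qname.lower().rstrip(".")

def base_domain(qname):
    # Naive registrable-domain approximation (last two labels); use a public
    # suffix list in production so "co.uk"-style TLDs are handled correctly.
    return ".".join(qname.split(".")[-2:])

def detect_mx_bursts(log, window=timedelta(minutes=1), min_queries=4, min_clients=3):
    """Flag base domains that receive >= min_queries MX queries from >= min_clients
    distinct clients inside `window`: the Slow Drip-style MX pattern described above.
    Returns {base_domain: (query_count, distinct_clients)} for flagged domains."""
    by_domain = defaultdict(list)
    for line in log.strip().splitlines():
        ts, client, _server, qtype, qname = parse(line)
        if qtype == "MX":
            by_domain[base_domain(qname)].append((ts, client))
    flagged = {}
    for dom, events in by_domain.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            in_win = [c for t, c in events[i:] if t - t0 <= window]
            if len(in_win) >= min_queries and len(set(in_win)) >= min_clients:
                flagged[dom] = (len(in_win), len(set(in_win)))
                break
    return flagged

def detect_open_resolver_use(log):
    """Return {client_ip: {external resolver ips}} for clients bypassing internal resolvers."""
    out = defaultdict(set)
    for line in log.strip().splitlines():
        _ts, client, server, _qtype, _qname = parse(line)
        if ipaddress.ip_address(server) not in INTERNAL_RESOLVERS:
            out[client].add(server)
    return dict(out)
```

Both checks are heuristics meant for triage: an MX burst against a domain you do not own, combined with clients talking to external resolvers, is worth investigating, while either signal alone may be benign mail or misconfiguration.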

The full Infoblox report on Muddling Meerkat is available for download.

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.