Prior to 2020, there was an unspoken rule of threat actors to not launch attacks against schools and children, infrastructure, and healthcare organizations.¹ However, that “rule” no longer applies, and in the past four years the healthcare threat landscape has seen tremendous shifts for the worse.

To put this shift into context, consider these trends from the Microsoft Threat Intelligence report showing healthcare cybersecurity challenges:

• Healthcare is one of the top 10 most targeted industries in the second quarter of 2024²—and has been for the past four quarters.
• Ransomware attacks are costly, with healthcare organizations losing an average of $900,000 per day on downtime alone.³
• In a recent study, out of the 99 healthcare organizations that admitted to paying a ransom and disclosed the ransom paid, the average payment was $4.4 million.⁴

The serious impact of ransomware on healthcare

While the potential financial risk for healthcare organizations is high, lives are at stake because ransomware attacks impact patient outcomes. If healthcare providers are not able to use diagnostic equipment or access patient medical records because it’s under ransom, care will be disrupted.

Healthcare facilities located near hospitals that are impacted by ransomware are also affected because they experience a surge of patients needing care and are unable to support them in an urgent manner. As a result, patients can experience longer wait times, which studies show could lead to more severe stroke cases and heart attack cases.⁵

These attacks don’t just impact facilities in large cities; in fact, rural health clinics are also a target for cyberattacks. They are particularly vulnerable to ransomware incidents because they often have limited means to prevent and remediate security risks. This can be devastating for a community as these hospitals are often the only healthcare option for many miles in the communities they serve.  

Why healthcare is an appealing target for threat actors

Healthcare organizations collect and store extremely sensitive data, which likely contributes to threat actors targeting them in ransomware attacks. However, a more significant reason these facilities are at risk is the potential for huge financial payouts. As referenced earlier, lives are at stake and healthcare facilities committed to patient care can’t risk poor patient outcomes if their systems are taken down. They also can’t risk their patients’ data being exposed if they don’t pay the ransom. That reputation for paying ransoms—for understandable reasons—makes them a target.

Healthcare facilities are also targeted because of their limited security resources and cybersecurity investments to defend against these threats compared to other sectors. Facilities often lack staff dedicated to cybersecurity and in fact, some facilities don’t have a chief information security officer (CISO) or dedicated security operations center at all. Instead, their IT department may be tasked with managing cybersecurity. Doctors, nurses, and healthcare staff may not have received any cybersecurity training or know the signs to look for to identify a phishing email.

How cyber criminals target healthcare organizations

Financially motivated cyber criminals are using an evolving set of ransomware tactics on healthcare organizations. One common approach involves two steps. First, they gain access to an organization’s network, often using social engineering tactics through a phishing email or text. Then, they use that access to deploy ransomware to encrypt and lock healthcare systems and data so they can seek a ransom for their release.

“Once ransomware is deployed, attackers typically move quickly to encrypt critical systems and data, often within a matter of hours,” said Jack Mott of Microsoft Threat Intelligence in the Microsoft ransomware report. “They target essential infrastructure, such as patient records, diagnostic systems, and even billing operations, to maximize the impact and pressure on healthcare organizations to pay the ransom.”

Social engineering tactics often involve convincing the email recipient to act in ways they normally wouldn’t, such as clicking on an unknown link, and using the tactics of urgency, emotion, and habit. Social engineering fraud is a serious problem. In just this fiscal year, a staggering 389 healthcare institutions across the United States fell victim to ransomware attacks, according to the 2024 Microsoft Digital Defense Report.⁶ The aftermath was severe, resulting in network closures, offline systems, delays in critical medical operations, and rescheduled appointments.

Another common approach is ransomware as a service (RaaS), a cybercrime business model growing in popularity. The RaaS model is an agreement between an operator, who develops extortion tools, and an affiliate, who deploys the ransomware. Both parties benefit from a successful ransomware and extortion attack, and it’s “democratized access to sophisticated ransomware tools,” Mott said. This model enables cyber criminals without the means of developing their own tools to launch their nefarious activities. Sometimes, they may simply purchase network access from a cybercrime group that has already breached a network. RaaS severely widens the risk to healthcare organizations, making ransomware more accessible and frequent.

Cybercrime tactics continue to grow in sophistication. Microsoft is continually tracking the latest cybercrime threats to support our customers and increase the knowledge of the entire global community. These threats include actions by threat actor groups Vanilla Tempest and Sangria Tempest, which are known for their financially motivated criminal activities.

Take a collective defense approach to boost your cyber resilience and visibility

We recognize that not all organizations have a robust cybersecurity team or even the resources to enable a cybersecurity resilience strategy. This is why it is important for us as a community to come together and share best practices, tools, and guidance. We encourage your organization to collaborate with regional, national, and global healthcare organizations such as Health-ISAC (Information Sharing and Analysis Centers). The Health-ISAC provides healthcare organizations with platforms to exchange threat intelligence. Health-ISAC Chief Security Officer Errol Weiss says these organizations are like “virtual neighborhood watch programs,” sharing threat experiences and defense strategies. 

It’s also important to foster a security-first mindset among healthcare staff. Dr. Christian Dameff and Dr. Jeff Tully, Co-directors of the University of California San Diego Center for Healthcare Cybersecurity, emphasize that breaking down silos between IT security teams, emergency managers, and clinical staff to develop cohesive incident response plans is key. They also recommend running high-fidelity clinical simulations that expose doctors and nurses to real-world cyberattack scenarios.

For rural hospitals that provide critical services to the communities they serve across the US, Microsoft created the Microsoft Cybersecurity Program for Rural Hospitals, which provides affordable access to Microsoft security solutions, builds cybersecurity capacity, and helps solve root challenges through innovation.

For healthcare organizations that have the resources, as part of this report we provide guidance on how to:

• Establish a robust governance framework.
• Create an incident response and detection plan. Then be prepared to execute it efficiently during an actual attack to minimize damage and ensure a quick recovery.
• Implement continuous monitoring and real-time detection capabilities.
• Educate your organization using our cybersecurity awareness and education #BeCyberSmart Kit.
• Harness more resilience strategies found in the report.

Given the serious cyberthreats against healthcare organizations, it’s critical to protect your assets by understanding the situation and taking steps to prevent it. For more details on the current healthcare cyberthreat landscape and ransomware threats, and for more in-depth guidance on boosting resilience, read the “US healthcare at risk: Strengthening resiliency against ransomware attacks” report and watch our healthcare threat intelligence briefing video, which is included in the report. To stay up-to-date on the latest threat intelligence insights and get actionable guidance for your security efforts, bookmark Microsoft Security Insider.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹How to protect your networks from ransomware, justice.gov.

²Threat Landscape: Healthcare and Public Health Sector, April 2024. Microsoft Threat Intelligence.

³On average, healthcare organizations lose $900,000 per day to downtime from ransomware attacks, Comparitech. March 6, 2024.

⁴Healthcare Ransomware Attacks Continue to Increase in Number and Severity, The HIPAA Journal. September 2024.

⁵Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US, JAMA Network. May 8, 2023.

⁶Microsoft Digital Defense Report 2024.

The post Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action appeared first on Microsoft Security Blog.

Education is essentially an “industry of industries,” with K-12 and higher education enterprises handling data that could include health records, financial data, and other regulated information. At the same time, their facilities can host payment processing systems, networks that are used as internet service providers (ISPs), and other diverse infrastructure. The cyberthreats that Microsoft observes across different industries tend to be compounded in education, and threat actors have realized that this sector is inherently vulnerable. With an average of 2,507 cyberattack attempts per week, universities are prime targets for malware, phishing, and IoT vulnerabilities.¹ 

Security staffing and IT asset ownership also affect education organizations’ cyber risks. School and university systems, like many enterprises, often face a shortage of IT resources and operate a mix of both modern and legacy IT systems. Microsoft observes that in the United States, students and faculty are more likely to use personal devices in education compared to Europe, for example. Regardless of ownership however, in these and other regions, busy users do not always have a security mindset. 

This edition of Cyber Signals delves into the cybersecurity challenges facing classrooms and campuses, highlighting the critical need for robust defenses and proactive measures. From personal devices to virtual classes and research stored in the cloud, the digital footprint of school districts, colleges, and universities has multiplied exponentially.  

We are all defenders. 

A uniquely valuable and vulnerable environment 

The education sector’s user base is very different from a typical large commercial enterprise. In the K-12 environment, users include students as young as six years old. Just like any public or private sector organization, there is a wide swath of employees in school districts and at universities including administration, athletics, health services, janitorial, food service professionals, and others. Multiple activities, announcements, information resources, open email systems, and students create a highly fluid environment for cyberthreats.

Virtual and remote learning have also extended education applications into households and offices. Personal and multiuser devices are ubiquitous and often unmanaged—and students are not always cognizant about cybersecurity or what they allow their devices to access.

Education is also on the front lines confronting how adversaries test their tools and their techniques. According to data from Microsoft Threat Intelligence, the education sector is the third-most targeted industry, with the United States seeing the greatest cyberthreat activity.

Cyberthreats to education are not only a concern in the United States. According to the United Kingdom’s Department of Science Innovation and Technology 2024 Cybersecurity Breaches Survey, 43% of higher education institutions in the UK reported experiencing a breach or cyberattack at least weekly.² 

QR codes provide an easily disguised surface for phishing cyberattacks

Today, quick response (QR) codes are quite popular—leading to increased risks of phishing cyberattacks designed to gain access to systems and data. Images in emails, flyers offering information about campus and school events, parking passes, financial aid forms, and other official communications all frequently contain QR codes. Physical and virtual education spaces might be the most “flyer friendly” and QR code-intensive environments anywhere, given how big a role handouts, physical and digital bulletin boards, and other casual correspondence help students navigate a mix of curriculum, institutional, and social correspondence. This creates an attractive backdrop for malicious actors to target users who are trying to save time with a quick image scan. 

Recently the United States Federal Trade Commission issued a consumer alert on the rising threat of malicious QR codes being used to steal login credentials or deliver malware.³

Microsoft Defender for Office 365 telemetry shows that approximately more than 15,000 messages with malicious QR codes are targeted toward the educational sector daily—including phishing, spam, and malware. 

Legitimate software tools can be used to quickly generate QR codes with embedded links to be sent in email or posted physically as part of a cyberattack. And those images are hard for traditional email security solutions to scan, making it even more important for faculty and students to use devices and browsers with modern web defenses. 

Targeted users in the education sector may use personal devices without endpoint security. QR codes essentially enable the threat actor to pivot to these devices. QR code phishing (since its purpose is to target mobile devices) is compelling evidence of mobile devices being used as an attack vector into enterprises—such as personal accounts and bank accounts—and the need for mobile device protection and visibility. Microsoft has significantly disrupted QR code phishing attacks. This shift in tactics is evident in the substantial decrease in daily phishing emails intercepted by our system, dropping from 3 million in December 2023 to just 179,000 by March 2024. 

Universities present their own unique challenges. Much of university culture is based on collaboration and sharing to drive research and innovation. Professors, researchers, and other faculty operate under the notion that technology, science—simply knowledge itself—should be shared widely. If someone appearing as a student, peer, or similar party reaches out, they’re often willing to discuss potentially sensitive topics without scrutinizing the source. 

University operations also span multiple industries. University presidents are effectively CEOs of healthcare organizations, housing providers, and large financial organizations—the industry of industries factor, again. Therefore, top leaders can can be prime targets for anyone attacking those sectors.

The combination of value and vulnerability found in education systems has attracted the attention of a spectrum of cyberattackers—from malware criminals employing new techniques to nation-state threat actors engaging in old-school spy craft.  

Microsoft continually monitors threat actors and threat vectors worldwide. Here are some key issues we’re seeing for education systems. 

Email systems in schools offer wide spaces for compromise 

The naturally open environment at most universities forces them to be more relaxed in their email hygiene. They have a lot of emails amounting to noise in the system, but are often operationally limited in where and how they can place controls, because of how open they need to be for alumni, donors, external user collaboration, and many other use cases.  

Education institutions tend to share a lot of announcements in email. They share informational diagrams around local events and school resources. They commonly allow external mailers from mass mailing systems to share into their environments. This combination of openness and lack of controls creates a fertile ground for cyberattacks.

AI is increasing the premium on visibility and control  

Cyberattackers recognizing higher education’s focus on building and sharing can survey all visible access points, seeking entry into AI-enabled systems or privileged information on how these systems operate. If on-premises and cloud-based foundations of AI systems and data are not secured with proper identity and access controls, AI systems become vulnerable. Just as education institutions adapted to cloud services, mobile devices and hybrid learning—which introduced new waves of identities and privileges to govern, devices to manage, and networks to segment—they must also adapt to the cyber risks of AI by scaling these timeless visibility and control imperatives.

Nation-state actors are after valuable IP and high-level connections 

Universities handling federally funded research, or working closely with defense, technology, and other industry partners in the private sector, have long recognized the risk of espionage. Decades ago, universities focused on telltale physical signs of spying. They knew to look for people showing up on campus taking pictures or trying to get access to laboratories. Those are still risks, but today the dynamics of digital identity and social engineering have greatly expanded the spy craft toolkit. 

Universities are often epicenters of highly sensitive intellectual property. They may be conducting breakthrough research. They may be working on high-value projects in aerospace, engineering, nuclear science, or other sensitive topics in partnership with multiple government agencies.  

For cyberattackers, it can be easier to first compromise somebody in the education sector who has ties to the defense sector and then use that access to more convincingly phish a higher value target.  

Universities also have experts in foreign policy, science, technology, and other valuable disciplines, who may willingly offer intelligence, if deceived in social-engineering cyberattacks employing false or stolen identities of peers and others who appear to be in individuals’ networks or among trusted contacts. Apart from holding valuable intelligence themselves, compromised accounts of university employees can become springboards into further campaigns against wider government and industry targets.

Nation-state actors targeting education 

Peach Sandstorm

Peach Sandstorm has used password spray attacks against the education sector to gain access to infrastructure used in those industries, and Microsoft has also observed the organization using social engineering against targets in higher education.  

Mint Sandstorm 

Microsoft has observed a subset of this Iranian attack group targeting high-profile experts working on Middle Eastern affairs at universities and research organizations. These sophisticated phishing attacks used social engineering to compel targets to download malicious files including a new, custom backdoor called MediaPl. 

Mabna Institute  

In 2023, the Iranian Mabna Institute conducted intrusions into the computing systems of at least 144 United States universities and 176 universities in 21 other countries.  

The stolen login credentials were used for the benefit of Iran’s Islamic Revolutionary Guard Corps and were also sold within Iran through the web. Stolen credentials belonging to university professors were used to directly access university library systems. 

Emerald Sleet

This North Korean group primarily targets experts in East Asian policy or North and South Korean relations. In some cases, the same academics have been targeted by Emerald Sleet for nearly a decade.  

Emerald Sleet uses AI to write malicious scripts and content for social engineering, but these attacks aren’t always about delivering malware. There’s also an evolving trend where they simply ask experts for policy insight that could be used to manipulate negotiations, trade agreements, or sanctions. 

Moonstone Sleet 

Moonstone Sleet is another North Korean actor that has been taking novel approaches like creating fake companies to forge business relationships with educational institutions or a particular faculty member or student.  

One of the most prominent attacks from Moonstone Sleet involved creating a fake tank-themed game used to target individuals at educational institutions, with a goal to deploy malware and exfiltrate data. 

Storm-1877  

This actor largely engages in cryptocurrency theft using a custom malware family that they deploy through various means. The ultimate goal of this malware is to steal crypto wallet addresses and login credentials for crypto platforms.  

Students are often the target for these attacks, which largely start on social media. Storm-1877 targets students because they may not be as aware of digital threats as professionals in industry. 

A new security curriculum 

Due to education budget and talent constraints and the inherent openness of its environment, solving education security is more than a technology problem. Security posture management and prioritizing security measures can be a costly and challenging endeavor for these institutions—but there is a lot that school systems can do to protect themselves.  

Maintaining and scaling core cyberhygiene will be key to securing school systems. Building awareness of security risks and good practices at all levels—students, faculty, administrators, IT staff, campus staff, and more—can help create a safer environment.  

For IT and security professionals in the education sector, doing the basics and hardening the overall security posture is a good first step. From there, centralizing the technology stack can help facilitate better monitoring of logging and activity to gain a clearer picture into the overall security posture and any vulnerabilities. 

Oregon State University 

Oregon State University (OSU), an R1 research-focused university, places a high priority on safeguarding its research to maintain its reputation. In 2021, it experienced an extensive cybersecurity incident unlike anything before. The cyberattack revealed gaps in OSU’s security operations.

“The types of threats that we’re seeing, the types of events that are occurring in higher education, are much more aggressive by cyber adversaries.”

—David McMorries, Chief Information Security Officer at Oregon State University

In response to this incident, OSU created its Security Operations Center (SOC), which has become the centerpiece of the university’s security effort. AI has also helped automate capabilities and helped its analysts, who are college students, learn how to quickly write code—such as threat hunting with more advanced hunting queries. 

Arizona Department of Education 

A focus on Zero Trust and closed systems is an area that the Arizona Department of Education (ADE) takes further than the state requirements. It blocks all traffic from outside the United States from its Microsoft 365 environment, Azure, and its local datacenter.

“I don’t allow anything exposed to the internet on my lower dev environments, and even with the production environments, we take extra care to make sure that we use a network security group to protect the app services.”

—Chris Henry, Infrastructure Manager at the Arizona Department of Education 

Follow these recommendations:  

• The best defense against QR code attacks is to be aware and pay attention. Pause, inspect the code’s URL before opening it, and don’t open QR codes from unexpected sources, especially if the message uses urgent language or contains errors. 

• Consider implementing “protective domain name service,” a free tool that helps prevent ransomware and other cyberattacks by blocking computer systems from connecting to harmful websites. Prevent password spray attacks with a stringent password and deploy multifactor authentication.  

• Educate students and staff about their security hygiene, and encourage them to use multifactor authentication or passwordless protections. Studies have shown that an account is more than 99.9% less likely to be compromised when using multifactor authentication.   

• Microsoft has launched role-based trainings for leaders, educators, students, parents, and IT professionals aligned to recommendations of the United States Cybersecurity and Infrastructure Security Agency.    

Corey Lee has always had an interest in solving puzzles and crimes. He started his college career at Penn State University in criminal justice, but soon realized his passion for digital forensics after taking a course about investigating a desktop computer break-in.  

After completing his degree in security and risk analysis, Corey came to Microsoft focused on gaining cross-industry experience. He’s worked on securing everything from federal, state, and local agencies to commercial enterprises, but today he focuses on the education sector.  

After spending time working across industries, Corey sees education through a different lens—the significantly unique industry of industries. The dynamics at play inside the education sector include academic institutions, financial services, critical infrastructure like hospitals and transportation, and partnerships with government agencies. According to Corey, working in such a broad field allows him to leverage skillsets from multiple industries to address specific problems across the landscape. 

The fact that education could also be called underserved from a cybersecurity standpoint is another compelling challenge, and part of Corey’s personal mission. The education industry needs cybersecurity experts to elevate the priority of protecting school systems. Corey works across the public and industry dialogue, skilling and readiness programs, incident response, and overall defense to protect not just the infrastructure of education, but students, parents, teachers, and staff. 

Today, Corey is focused reimagining student security operations centers, including how to inject AI into the equation and bring modern technology and training to the table. By growing the cybersecurity work force in education and giving them new tools, he’s working to elevate security in the sector in a way that’s commensurate with how critical the industry is for the future. 

Next steps with Microsoft Security

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Global Cyberattacks Continue to Rise with Africa and APAC Suffering Most, Check Point Blog. April 27, 2023.

²Cyber security breaches survey 2024: education institutions annex, The United Kingdom Department for Science, Innovation & Technology. April 9, 2024

³Scammers hide harmful links in QR codes to steal your information, Federal Trade Commission (Alvaro Puig), December 6, 2023.

Methodology: Snapshot and cover stat data represent telemetry from Microsoft Defender for Office 365 showing how a QR code phishing attack was disrupted by image detection technology and how Security Operations teams can respond to this threat. Platforms like Microsoft Entra provided anonymized data on threat activity, such as malicious email accounts, phishing emails, and attacker movement within networks. Additional insights are from the 78 trillion daily security signals processed by Microsoft each day, including the cloud, endpoints, the intelligent edge, and telemetry from Microsoft platforms and services including Microsoft Defender. Microsoft categorizes threat actors into five key groups: influence operations; groups in development; and nation-state, financially motivated, and private sector offensive actors. The new threat actors naming taxonomy aligns with the theme of weather.  

© 2024 Microsoft Corporation. All rights reserved. Cyber Signals is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided “as is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. 

The post ​​Cyber Signals Issue 8 | Education under siege: How cybercriminals target our schools​​ appeared first on Microsoft Security Blog.

We also made a commitment to identify and mitigate risks and share information on novel, potential threats. For example, earlier this year Microsoft shared the principles shaping Microsoft’s policy and actions blocking the nation-state advanced persistent threats (APTs), advanced persistent manipulators (APMs), and cybercriminal syndicates we track from using our AI tools and APIs.

In this blog post, we will discuss some of the key issues surrounding AI harms and vulnerabilities, and the steps we are taking to address the risk.

The potential for malicious manipulation of LLMs

One of the main concerns with AI is its potential misuse for malicious purposes. To prevent this, AI systems at Microsoft are built with several layers of defenses throughout their architecture. One purpose of these defenses is to limit what the LLM will do, to align with the developers’ human values and goals. But sometimes bad actors attempt to bypass these safeguards with the intent to achieve unauthorized actions, which may result in what is known as a “jailbreak.” The consequences can range from the unapproved but less harmful—like getting the AI interface to talk like a pirate—to the very serious, such as inducing AI to provide detailed instructions on how to achieve illegal activities. As a result, a good deal of effort goes into shoring up these jailbreak defenses to protect AI-integrated applications from these behaviors.

While AI-integrated applications can be attacked like traditional software (with methods like buffer overflows and cross-site scripting), they can also be vulnerable to more specialized attacks that exploit their unique characteristics, including the manipulation or injection of malicious instructions by talking to the AI model through the user prompt. We can break these risks into two groups of attack techniques:

• Malicious prompts: When the user input attempts to circumvent safety systems in order to achieve a dangerous goal. Also referred to as user/direct prompt injection attack, or UPIA.
• Poisoned content: When a well-intentioned user asks the AI system to process a seemingly harmless document (such as summarizing an email) that contains content created by a malicious third party with the purpose of exploiting a flaw in the AI system. Also known as cross/indirect prompt injection attack, or XPIA.

Today we’ll share two of our team’s advances in this field: the discovery of a powerful technique to neutralize poisoned content, and the discovery of a novel family of malicious prompt attacks, and how to defend against them with multiple layers of mitigations.

Neutralizing poisoned content (Spotlighting)

Prompt injection attacks through poisoned content are a major security risk because an attacker who does this can potentially issue commands to the AI system as if they were the user. For example, a malicious email could contain a payload that, when summarized, would cause the system to search the user’s email (using the user’s credentials) for other emails with sensitive subjects—say, “Password Reset”—and exfiltrate the contents of those emails to the attacker by fetching an image from an attacker-controlled URL. As such capabilities are of obvious interest to a wide range of adversaries, defending against them is a key requirement for the safe and secure operation of any AI service.

Our experts have developed a family of techniques called Spotlighting that reduces the success rate of these attacks from more than 20% to below the threshold of detection, with minimal effect on the AI’s overall performance:

• Spotlighting (also known as data marking) to make the external data clearly separable from instructions by the LLM, with different marking methods offering a range of quality and robustness tradeoffs that depend on the model in use.

Mitigating the risk of multiturn threats (Crescendo)

Our researchers discovered a novel generalization of jailbreak attacks, which we call Crescendo. This attack can best be described as a multiturn LLM jailbreak, and we have found that it can achieve a wide range of malicious goals against the most well-known LLMs used today. Crescendo can also bypass many of the existing content safety filters, if not appropriately addressed. Once we discovered this jailbreak technique, we quickly shared our technical findings with other AI vendors so they could determine whether they were affected and take actions they deem appropriate. The vendors we contacted are aware of the potential impact of Crescendo attacks and focused on protecting their respective platforms, according to their own AI implementations and safeguards.

At its core, Crescendo tricks LLMs into generating malicious content by exploiting their own responses. By asking carefully crafted questions or prompts that gradually lead the LLM to a desired outcome, rather than asking for the goal all at once, it is possible to bypass guardrails and filters—this can usually be achieved in fewer than 10 interaction turns. You can read about Crescendo’s results across a variety of LLMs and chat services, and more about how and why it works, in our research paper.

While Crescendo attacks were a surprising discovery, it is important to note that these attacks did not directly pose a threat to the privacy of users otherwise interacting with the Crescendo-targeted AI system, or the security of the AI system, itself. Rather, what Crescendo attacks bypass and defeat is content filtering regulating the LLM, helping to prevent an AI interface from behaving in undesirable ways. We are committed to continuously researching and addressing these, and other types of attacks, to help maintain the secure operation and performance of AI systems for all.

In the case of Crescendo, our teams made software updates to the LLM technology behind Microsoft’s AI offerings, including our Copilot AI assistants, to mitigate the impact of this multiturn AI guardrail bypass. It is important to note that as more researchers inside and outside Microsoft inevitably focus on finding and publicizing AI bypass techniques, Microsoft will continue taking action to update protections in our products, as major contributors to AI security research, bug bounties and collaboration.

To understand how we addressed the issue, let us first review how we mitigate a standard malicious prompt attack (single step, also known as a one-shot jailbreak):

• Standard prompt filtering: Detect and reject inputs that contain harmful or malicious intent, which might circumvent the guardrails (causing a jailbreak attack).
• System metaprompt: Prompt engineering in the system to clearly explain to the LLM how to behave and provide additional guardrails.

Defending against Crescendo initially faced some practical problems. At first, we could not detect a “jailbreak intent” with standard prompt filtering, as each individual prompt is not, on its own, a threat, and keywords alone are insufficient to detect this type of harm. Only when combined is the threat pattern clear. Also, the LLM itself does not see anything out of the ordinary, since each successive step is well-rooted in what it had generated in a previous step, with just a small additional ask; this eliminates many of the more prominent signals that we could ordinarily use to prevent this kind of attack.

To solve the unique problems of multiturn LLM jailbreaks, we create additional layers of mitigations to the previous ones mentioned above: 

• Multiturn prompt filter: We have adapted input filters to look at the entire pattern of the prior conversation, not just the immediate interaction. We found that even passing this larger context window to existing malicious intent detectors, without improving the detectors at all, significantly reduced the efficacy of Crescendo. 
• AI Watchdog: Deploying an AI-driven detection system trained on adversarial examples, like a sniffer dog at the airport searching for contraband items in luggage. As a separate AI system, it avoids being influenced by malicious instructions. Microsoft Azure AI Content Safety is an example of this approach.
• Advanced research: We invest in research for more complex mitigations, derived from better understanding of how LLM’s process requests and go astray. These have the potential to protect not only against Crescendo, but against the larger family of social engineering attacks against LLM’s. 

How Microsoft helps protect AI systems

AI has the potential to bring many benefits to our lives. But it is important to be aware of new attack vectors and take steps to address them. By working together and sharing vulnerability discoveries, we can continue to improve the safety and security of AI systems. With the right product protections in place, we continue to be cautiously optimistic for the future of generative AI, and embrace the possibilities safely, with confidence. To learn more about developing responsible AI solutions with Azure AI, visit our website.

To empower security professionals and machine learning engineers to proactively find risks in their own generative AI systems, Microsoft has released an open automation framework, PyRIT (Python Risk Identification Toolkit for generative AI). Read more about the release of PyRIT for generative AI Red teaming, and access the PyRIT toolkit on GitHub. If you discover new vulnerabilities in any AI platform, we encourage you to follow responsible disclosure practices for the platform owner. Microsoft’s own procedure is explained here: Microsoft AI Bounty.

The Crescendo Multi-Turn LLM Jailbreak Attack

Read about Crescendo’s results across a variety of LLMs and chat services, and more about how and why it works.

Read the paper

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post How Microsoft discovers and mitigates evolving attacks against AI guardrails appeared first on Microsoft Security Blog.

Microsoft Incident Response

Strengthen your security with an end-to-end portfolio of proactive and reactive cybersecurity incident response services.

Explore services

One click opens the door to a threat actor

We know that 50% of Microsoft cybersecurity recovery engagements relate to ransomware,² and 61% of all breaches involve credentials.³ Identity attacks continue to be a challenge for businesses because humans continue to be a central risk vector in social engineering identity attacks. People click links without thinking. Too often, users open attachments by habit, thereby opening the door to threat actors. Even when employees recognize credential harvesting attempts, they’re often still susceptible to drive-by URL attacks. And teams focused on incident response are often disconnected from teams that manage corporate identities. In this incident, one click on a malicious link led a large customer to reach out to Microsoft Incident Response for help.

Figure 1. Diagram of a threat actor’s malware moving through the network.

The malicious link the employee clicked infected their device with Qakbot. Qakbot is a modular malware that has been evolving for more than a decade. It’s a multipurpose malware that unfortunately gives attackers a wide range of capabilities. Once the identity-focused threat actor had established multiple avenues of persistence in the network and seemed to be preparing to deploy ransomware, the customer’s administrators and security operations staff were overwhelmed with tactical recovery and containment. That’s when they called Microsoft.

Your first call before, during, and after a cybersecurity incident

Microsoft Incident Response stepped in and deployed Microsoft Defender for Identity—a cloud-based security solution that helps detect and respond to identity-related threats. Bringing identity monitoring into incident response early helped an overwhelmed security operations team regain control. This first step helped to identify the scope of the incident and impacted accounts, take action to protect critical infrastructure, and work on evicting the threat actor. Then, by leveraging Microsoft Defender for Endpoint alongside Defender for Identity, Microsoft Incident Response was able to trace the threat actor’s movements and disrupt their attempts to use compromised accounts to reenter the environment. And once the tactical containment was complete and full administrative control over the environment was restored, Microsoft Incident Response worked with the customer to move forward to build better resiliency to help prevent future cyberattacks. More information about the incident and remediation details can be found on our technical post titled “Follow the Breadcrumbs with Microsoft Incident Response and Microsoft Defender for Identity: Working Together to Fight Identity-Based Attacks.”

Strengthen your identity posture with defense in depth

We know protecting user identities can help prevent incidents before they happen. But that protection can take many forms. Multiple, collaborative layers of defense—or defense in depth—can help build up protection so no single control must shoulder the entire defense. These layers include multifactor authentication, conditional access rules, mobile device and endpoint protection policies, and even new tools—like Microsoft Copilot for Security. Defense in depth can help prevent many cyberattacks—or at least make them difficult to execute—through the implementation and maintenance of layers of basic security controls.

In a recent Cyberattack Series blog post and report, we go more in depth on how to protect credentials against social engineering attacks. The cyberattack series case involved Octo Tempest—a highly active cyberthreat actor group which utilizes varying social engineering campaigns with the goal of financial extortion across many business sectors through means of data exfiltration and ransomware. Octo Tempest compromised a customer with a targeted phishing and smishing (text-based phishing) attack. That customer then reached out to Microsoft Incident Response for help to contain, evict, and detect any further threats. By collaborating closely with the victim organization’s IT and security teams, the compromised systems were isolated and contained. Throughout the entire process, effective communication and coordination between the incident response team and the affected organization is crucial. The team provides regular updates on their progress, shares threat intelligence, and offers guidance on remediation and prevention strategies. By working together seamlessly, the incident response team and the affected organization can mitigate the immediate cyberthreat, eradicate the cyberattacker’s presence, and strengthen the organization’s defenses against future cyberattacks.

Honeytokens: A sweet way to defend against identity-based attacks

Another layer of protection for user identities is the decoy account. These accounts are set up expressly to lure attackers, diverting their attention away from real targets and harmful activities—like accessing sensitive resources or escalating privileges. The decoy accounts are called honeytokens, and they can provide security teams with a unique opportunity to detect, deflect, or study attempted identity attacks. The best honeytokens are existing accounts with histories that can help hide their true nature. Honeytokens can also be a great way to monitor in-progress attacks, helping to discover where attackers are coming from and where they may be positioned in the network. For more detailed instructions on how to tag an account as a honeytoken and best practices for honeytoken use, read our tech community post titled “Deceptive defense: best practices for identity based honeytokens in Microsoft Defender for Identity.”

Working together to build better resilience

Microsoft Incident Response is the first call for customers who want to access dedicated experts before, during, and after any cybersecurity incident. With on-site and remote assistance on a global scale, unprecedented access to product engineering, and the depth and breadth of Microsoft Threat Intelligence, it encompasses both proactive and reactive incident response services. Collaboration is key. Microsoft Incident Response works with the tools and teams available to support incident response—like Defender for Identity, Defender for Endpoint, and now Copilot for Security—to defend against identity-based attacks, together. And that collaboration helps ensure better outcomes for customers. Learn more about the Microsoft Incident Response proactive and reactive response services or see it in action in the fourth installment of our ongoing Cyberattack Series.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Digital Defense Report, Microsoft. 2023.

²Microsoft Digital Defense Report, Microsoft. 2022.

³2023 Data Breach Investigations Report, Verizon.

⁴Microsoft Entra: 5 identity priorities for 2023, Joy Chik. January 9, 2023.

The post How Microsoft Incident Response and Microsoft Defender for Identity work together to detect and respond to cyberthreats appeared first on Microsoft Security Blog.

Tax-related fraud campaigns 

Although everyone is susceptible to tax-season phishing, we have noted that certain groups of people are more vulnerable than others. Prime targets include individuals who may be less informed about government tax procedures and methods—green card holders, small business owners, new taxpayers under the age of 25, and older taxpayers over 60.  

At the end of January 2024, Microsoft Threat Intelligence observed a campaign using lures masquerading as tax-related documents provided by employers. The phishing email contained an HTML attachment that directed the user to a fake landing page. This page hosted malicious executables and once the target clicked on the “Download Documents” prompt, malware installed on their computer.  

Figure 1. Phishing email using tax lures.

The malicious executable file dropped on the target’s machine had information stealer capabilities. Once in the environment, it attempted to collect information including login credentials.

Be diligent around phishing emails 

Phishing email campaigns around tax season use a variety of tactics to trick users into believing they represent legitimate sources. These include spoofing the landing pages of genuine services or websites, using homoglyph domains, and customizing phishing links for each user. Threat actors typically impersonate employers and human resources personnel, the Internal Revenue Service (IRS), or taxation-related entities such as state tax organizations or tax preparation services.  

Phishing emails may contain malicious attachments like HTML files, PDF files, or ZIP archives. The cybercriminal tries to exploit the recipients’ trust in the perceived sender to trick them into opening these attachments. When they do, malware is automatically downloaded onto their machine. Threat actors also commonly send URLs that direct users to fraudulent websites that host malware. 

Tax season cybersecurity best practices 

The best defense against cybercriminals, both at tax season and throughout the year, is education and good cyber hygiene. Education means phishing awareness—knowing what phishing attempts look like and what to do when they’re encountered. Good cyber hygiene means implementing basic security measures like multifactor authentication for financial and email accounts. With multifactor authentication enabled, you can prevent 99.9% of attacks on your accounts.  

Ways to help protect yourself from phishing 

Falling for a phishing attack can lead to a number of unwanted outcomes including leaked confidential information, infected networks, financial demands, corrupted data, and more. Here are a few tips to help protect yourself:  

• Inspect the sender’s email address. Is everything in order? A misplaced character or unusual spelling could signal a fake.  
• Be wary of emails with generic greetings (“Dear customer,” for example) that ask you to act urgently. 
• Look for verifiable sender contact information. If in doubt, do not reply. Start a new email to respond instead. 
• Never send sensitive information by email. If you must convey private information, use the phone. 
• Think twice about clicking unexpected links, especially if they direct you to sign into your account. To be safe, log in from the official website instead.  
• Avoid opening email attachments from unknown senders or friends who do not usually send you attachments. 
• Install a phishing filter for your email apps and enable the spam filter on your email accounts. 

To learn more about the latest observed tax season phishing campaigns, social engineering fraud, and tips on how to stay ahead of these types of attacks during tax season and other holidays, read the Microsoft Threat Intelligence tax season report. For a deeper look into social engineering fraud tactics, read Feeding from the trust economy: social engineering fraud, and watch the session from Microsoft Ignite 2023 called The risk of trust: Social engineering threats and cyber defense.

Keeping a pulse on today’s threats

The Microsoft Threat Intelligence team tracks hundreds of threat actor groups worldwide, with more than 10,000 security experts analyzing more than 78 trillion signals daily to uncover the latest insights. Microsoft Threat Intelligence’s global network of security and intelligence teams includes engineers, researchers, data scientists, cybersecurity experts, threat hunters, geopolitical analysts, investigators, and frontline responders across 77 countries. These experts come together to help share timely insights about the ever-expanding attack surface and provide actionable guidance through resources like the annual Microsoft Digital Defense Report, nation-state reports, the Microsoft Threat Intelligence podcast, Cyber Signals report, and digital briefings. To read the latest reports, threat briefs, or learn about the tactics and techniques from some of the more than 300 threat actors that we monitor and to get behind the scenes and watch interviews with threat intelligence experts, visit Security Insider.

Microsoft Threat Intelligence

Read the new tax season report to learn about the techniques that threat actors use to mislead taxpayers.

Read the report

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Microsoft Threat Intelligence unveils targets and innovative tactics amidst tax season appeared first on Microsoft Security Blog.

Software as a service (SaaS) adoption has accelerated at a lightning speed, enabling collaboration, automation, and innovation for businesses large and small across every industry vertical—from government, education, financial service to tech companies. Every SaaS application is now expanding its offering to allow better integration with the enterprise ecosystem and advanced collaboration features, becoming more of a “platform” than an “application.” To further complicate the security landscape, business users are managing these SaaS applications with little to no security oversight, creating a decentralized administration model. All this is leading to a growing risk surface with complex misconfigurations that can expose organization’s identities, sensitive data, and business processes to malicious actors. 

To combat this challenge, Valence and Microsoft Security work together to ensure that SaaS applications are configured according to the best security practices and improve the security posture of identities configured in each individual SaaS application. Together, Valence and Microsoft:  

• Centrally manage SaaS identities permissions and access.
• Enforce strong authentication by ensuring proper MFA (multi-factor authentication) and SSO (single sign-on) enrollment and managing local SaaS users.
• Detect and revoke unauthorized non-human SaaS identities such as APIs, service accounts, and tokens.
• Incorporate SaaS threat detection capabilities to improve SaaS incident response.

As most of the sensitive corporate data shifted from on-prem devices to the cloud, security teams need to ensure they manage the risks of how this data is being accessed and managed. Integrating Valence’s SaaS Security with the Microsoft Security ecosystem now provides a winning solution. 

SaaS applications are prime targets  

Recent high profile breaches have shown that attackers are targeting SaaS applications and are leveraging misconfigurations and human errors to gain high privilege access to sensitive applications and data. While many organizations have implemented SSO and MFA as their main line of defense when it comes to SaaS, recent major breaches have proven otherwise. Attackers have identified that MFA fatigue, social engineering and targeting the SaaS providers themselves can bypass many of the existing mechanisms that security teams have put in place. These add to high-profile breaches where attackers leveraged legitimate third-party open authorization (OAuth) tokens to gain unauthorized access to SaaS applications, and many more attack examples. 

State of SaaS security risks 

According to our 2023 SaaS Security Report which analyzed real SaaS environments to measure their security posture before they implemented an effective SaaS security program. The results showed that every organization didn’t enforce MFA on 100% of their identities—there are some exceptions, such as service accounts, contractors, and shared accounts, or simply lack of effective monitoring of drift. In addition, one out of eight SaaS accounts are dormant and not actively used. Offboarding users is not only important to save costs, but attackers also like to target these accounts for account takeover attacks since they are typically less monitored. Other key stats were that 90% of externally shared files haven’t been used by external collaborators for at least 90 days and that every organization has granted multiple third-party vendors organization-wide access to their emails, files, and calendars. 

Figure 1. Top SaaS Security gaps identified in the 2023 State of SaaS Security Report.

Holistic SaaS security strategy 

Establishing a holistic SaaS security strategy requires to bring together many elements—from shadow SaaS discovery, through strong authentication, identity management of both humans and non-humans, managing and remediating SaaS misconfigurations, enforcing data leakage prevention policies, and finally, establishing scalable incident response. Valence and Microsoft take security teams one step further toward a more holistic approach. 

Valence joined the Microsoft Intelligence Security Association (MISA) and integrated with Microsoft security products—Microsoft Entra ID and ​​​​Microsoft Sentinel—to enhance customers’ capabilities to manage their SaaS risks, effectively remediate them, and respond to SaaS breaches. The Valence SaaS Security Platform provides insight and context on SaaS risks such as misconfigurations, identities, data shares, and SaaS-to-SaaS integrations. Extending existing controls with SaaS Security Posture Management (SSPM) capabilities and SaaS risk remediation capabilities. Valence is also a proud participant of the Partner Private Preview of Microsoft Copilot for Security. This involves working with Microsoft product teams to help shape Copilot for Security product development in several ways, including validation and refinement of new and upcoming scenarios, providing feedback on product development and operations to be incorporated into future product releases, and validation and feedback of APIs to assist with Copilot for Security’s extensibility. 

Figure 2. Illustrative data: The Valence Platform provides a single pane of glass to find and fix SaaS risk across four core use cases: data protection, SaaS to SaaS governance, identity security, and configuration management. 

Secure SaaS human and non-human identities

In the modern identity-first environment, most attackers focus on targeting high privilege users, dormant accounts, and other risks. Enforcing zero trust access has become a core strategy for many security teams. Security teams need to identify all the identities they need to secure. Microsoft Entra SSO management combined with Valence’s SaaS application monitoring—to detect accounts created—provides a holistic view into human identities and non-human (Enterprise Applications, service accounts, APIs, OAuth and 3rd party apps).  

Microsoft Entra ID centrally enforces strong authentication such as MFA and Valence discovers enforcement gaps or users that are not managed by the central SSO. Valence also monitors the SaaS applications themselves to discover the privileges granted to each identity and provides recommendations on how to enforce least privilege with minimal administrative access. To continuously validate verification based on risks, the final piece of zero trust strategy, Valence leverages the risky users and service principals signals from Microsoft Entra ID and combines them with signals from other SaaS applications for a holistic view into identity risks. 

Protect SaaS applications 

Microsoft has a wide SaaS offering that is fueling enterprise innovation. These services are central to core business functions and employee collaboration, cover many use cases, and are spread across multiple business units, but are tied together in many cases such as identity and access management, and therefore their security posture is often related as well. Managing the security posture of SaaS services can be complex because of the multiple configurations and the potential cross service effects that require security teams to build their expertise across a wide range of SaaS.  

Many security teams view SaaS apps as part of their more holistic view into SaaS security posture management and would like to create cross-SaaS security policies and enforce them. Valence’s platform integrates with Microsoft Entra ID and other SaaS services using Microsoft via Microsoft Graph to normalize the complex data sets and enable security teams to closely monitor the security posture of their SaaS applications in Microsoft alongside the rest of their SaaS environment. 

Enhance SaaS threat detection and incident response 

Improving SaaS security posture proactively reduces the chances of a breach, but unfortunately SaaS breaches can still occur, and organizations need to prepare their threat detection coverage and incident response plans. The built in human and non-human identity threat detection capabilities of Microsoft Entra ID, combined with Microsoft Sentinel log correlation and security automation, and Microsoft Copilot for Security’s advanced AI capabilities, create a powerful combination to detect and respond to threats. Valence expands existing detections from compromised endpoint and identity with important SaaS context—for example, did the compromise device belong to a SaaS admin user? Did the compromised identity perform suspicious activities in other SaaS applications? The expanded detections provide critical insights to prioritize and assess the blast radius of breaches. Additionally, Valence’s SaaS threat detection can trigger threat detection workflows in Microsoft products based on its unique indicator of compromise monitoring. 

Together, Valence and Microsoft combine the best of all worlds when it comes to SaaS security. From SaaS discovery, through SaaS security posture management, remediating risks, and detecting threats—Valence and Microsoft enable secure adoption of SaaS applications. Modern SaaS risks and security challenges require a holistic view into SaaS risk management and remediation. Get started today. 

About Valence Security 

Valence is a leading SaaS security company that combines SSPM and advanced remediation with business user collaboration to find and fix SaaS security risks. SaaS applications are becoming decentrally managed and more complex, which is introducing misconfiguration, identity, data, and SaaS-to-SaaS integration risks. The Valence SaaS Security Platform provides visibility and remediation capabilities for business-critical SaaS applications. With Valence, security teams can empower their business to securely adopt SaaS. Valence is backed by leading cybersecurity investors like Microsoft’s M12 and YL Ventures, and is trusted by leading organizations. Valence is available for purchase through Azure Marketplace. For more information, visit their website. 

Be among the first to hear about new products, capabilities, and offerings at Microsoft Secure digital event on March 13, 2024.​ Learn from industry luminaries and influencers. Register today.

Learn more

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products. 

​​To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

The post ​​Secure SaaS applications with Valence Security and Microsoft Security​​ appeared first on Microsoft Security Blog.

The need for automation in AI Red Teaming

Red teaming AI systems is a complex, multistep process. Microsoft’s AI Red Team leverages a dedicated interdisciplinary group of security, adversarial machine learning, and responsible AI experts. The Red Team also leverages resources from the entire Microsoft ecosystem, including the Fairness center in Microsoft Research; AETHER, Microsoft’s cross-company initiative on AI Ethics and Effects in Engineering and Research; and the Office of Responsible AI. Our red teaming is part of our larger strategy to map AI risks, measure the identified risks, and then build scoped mitigations to minimize them.

Over the past year, we have proactively red teamed several high-value generative AI systems and models before they were released to customers. Through this journey, we found that red teaming generative AI systems is markedly different from red teaming classical AI systems or traditional software in three prominent ways.

1. Probing both security and responsible AI risks simultaneously

We first learned that while red teaming traditional software or classical AI systems mainly focuses on identifying security failures, red teaming generative AI systems includes identifying both security risk as well as responsible AI risks. Responsible AI risks, like security risks, can vary widely, ranging from generating content that includes fairness issues to producing ungrounded or inaccurate content. AI red teaming needs to explore the potential risk space of security and responsible AI failures simultaneously.

2. Generative AI is more probabilistic than traditional red teaming

Secondly, we found that red teaming generative AI systems is more probabilistic than traditional red teaming. Put differently, executing the same attack path multiple times on traditional software systems would likely yield similar results. However, generative AI systems have multiple layers of non-determinism; in other words, the same input can provide different outputs. This could be because of the app-specific logic; the generative AI model itself; the orchestrator that controls the output of the system can engage different extensibility or plugins; and even the input (which tends to be language), with small variations can provide different outputs. Unlike traditional software systems with well-defined APIs and parameters that can be examined using tools during red teaming, we learned that generative AI systems require a strategy that considers the probabilistic nature of their underlying elements.

3. Generative AI systems architecture varies widely 

Finally, the architecture of these generative AI systems varies widely: from standalone applications to integrations in existing applications to the input and output modalities, such as text, audio, images, and videos.

These three differences make a triple threat for manual red team probing. To surface just one type of risk (say, generating violent content) in one modality of the application (say, a chat interface on browser), red teams need to try different strategies multiple times to gather evidence of potential failures. Doing this manually for all types of harms, across all modalities across different strategies, can be exceedingly tedious and slow.

This does not mean automation is always the solution. Manual probing, though time-consuming, is often needed for identifying potential blind spots. Automation is needed for scaling but is not a replacement for manual probing. We use automation in two ways to help the AI red team: automating our routine tasks and identifying potentially risky areas that require more attention.

In 2021, Microsoft developed and released a red team automation framework for classical machine learning systems. Although Counterfit still delivers value for traditional machine learning systems, we found that for generative AI applications, Counterfit did not meet our needs, as the underlying principles and the threat surface had changed. Because of this, we re-imagined how to help security professionals to red team AI systems in the generative AI paradigm and our new toolkit was born.

We like to acknowledge out that there have been work in the academic space to automate red teaming such as PAIR and open source projects including garak.

PyRIT for generative AI Red teaming 

PyRIT is battle-tested by the Microsoft AI Red Team. It started off as a set of one-off scripts as we began red teaming generative AI systems in 2022. As we red teamed different varieties of generative AI systems and probed for different risks, we added features that we found useful. Today, PyRIT is a reliable tool in the Microsoft AI Red Team’s arsenal.

The biggest advantage we have found so far using PyRIT is our efficiency gain. For instance, in one of our red teaming exercises on a Copilot system, we were able to pick a harm category, generate several thousand malicious prompts, and use PyRIT’s scoring engine to evaluate the output from the Copilot system all in the matter of hours instead of weeks.

PyRIT is not a replacement for manual red teaming of generative AI systems. Instead, it augments an AI red teamer’s existing domain expertise and automates the tedious tasks for them. PyRIT shines light on the hot spots of where the risk could be, which the security professional than can incisively explore. The security professional is always in control of the strategy and execution of the AI red team operation, and PyRIT provides the automation code to take the initial dataset of harmful prompts provided by the security professional, then uses the LLM endpoint to generate more harmful prompts.

However, PyRIT is more than a prompt generation tool; it changes its tactics based on the response from the generative AI system and generates the next input to the generative AI system. This automation continues until the security professional’s intended goal is achieved.

PyRIT components

Abstraction and Extensibility is built into PyRIT. That’s because we always want to be able to extend and adapt PyRIT’s capabilities to new capabilities that generative AI models engender. We achieve this by five interfaces: target, datasets, scoring engine, the ability to support multiple attack strategies and providing the system with memory.

• Targets: PyRIT supports a variety of generative AI target formulations—be it as a web service or embedded in application. PyRIT out of the box supports text-based input and can be extended for other modalities as well. ​PyRIT supports integrating with models from Microsoft Azure OpenAI Service, Hugging Face, and Azure Machine Learning Managed Online Endpoint, effectively acting as an adaptable bot for AI red team exercises on designated targets, supporting both single and multi-turn interactions. 
• Datasets: This is where the security professional encodes what they want the system to be probed for. It could either be a static set of malicious prompts or a dynamic prompt template. Prompt templates allow the security professionals to automatically encode multiple harm categories—security and responsible AI failures—and leverage automation to pursue harm exploration in all categories simultaneously. To get users started, our initial release includes prompts that contain well-known, publicly available jailbreaks from popular sources.
• Extensible scoring engine:​ The scoring engine behind PyRIT offers two options for scoring the outputs from the target AI system: using a classical machine learning classifier or using an LLM endpoint and leveraging it for self-evaluation. Users can also use Azure AI Content filters as an API directly.  
• Extensible attack strategy: PyRIT supports two styles of attack strategy. The first is single-turn; in other words, PyRIT sends a combination of jailbreak and harmful prompts to the AI system and scores the response. It also supports multiturn strategy, in which the system sends a combination of jailbreak and harmful prompts to the AI system, scores the response, and then responds to the AI system based on the score. While single-turn attack strategies are faster in computation time, multiturn red teaming allows for more realistic adversarial behavior and more advanced attack strategies.
• Memory: PyRIT’s tool enables the saving of intermediate input and output interactions providing users with the capability for in-depth analysis later on. The memory feature facilitates the ability to share the conversations explored by the PyRIT agent and increases the range explored by the agents to facilitate longer turn conversations.

Get started with PyRIT

PyRIT was created in response to our belief that the sharing of AI red teaming resources across the industry raises all boats. We encourage our peers across the industry to spend time with the toolkit and see how it can be adopted for red teaming your own generative AI application.

1. Get started with the PyRIT project here. To get acquainted with the toolkit, our initial release has a list of demos including common scenarios notebooks, including how to use PyRIT to automatically jailbreak using Lakera’s popular Gandalf game.
2. We are hosting a webinar on PyRIT to demonstrate how to use it in red teaming generative AI systems. If you would like to see PyRIT in action, please register for our webinar in partnership with the Cloud Security Alliance.
3. Learn more about what Microsoft’s AI Red Team is doing and explore more resources on how you can better prepare your organization for securing AI.
4. Watch Microsoft Secure online to explore more product innovations to help you take advantage of AI safely, responsibly, and securely. 

Contributors 

Project created by Gary Lopez; Engineering: Richard Lundeen, Roman Lutz, Raja Sekhar Rao Dheekonda, Dr. Amanda Minnich; Broader involvement from Shiven Chawla, Pete Bryan, Peter Greko, Tori Westerhoff, Martin Pouliot, Bolor-Erdene Jagdagdorj, Chang Kawaguchi, Charlotte Siska, Nina Chikanov, Steph Ballard, Andrew Berkley, Forough Poursabzi, Xavier Fernandes, Dean Carignan, Kyle Jackson, Federico Zarfati, Jiayuan Huang, Chad Atalla, Dan Vann, Emily Sheng, Blake Bullwinkel, Christiano Bianchet, Keegan Hines, eric douglas, Yonatan Zunger, Christian Seifert, Ram Shankar Siva Kumar. Grateful for comments from Jonathan Spring. 

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Explore data security resources and trends

Gain insights into the latest data security advancements, including expert guidance, best practices, trends, and solutions.

Get started

The post Announcing Microsoft’s open automation framework to red team generative AI Systems appeared first on Microsoft Security Blog.

Today we released the sixth edition of Cyber Signals, spotlighting how we are protecting AI platforms from emerging threats related to nation-state cyberthreat actors.

In collaboration with OpenAI, we are sharing insights on state-affiliated threat actors tracked by Microsoft, such as Forest Blizzard, Emerald Sleet, Crimson Sandstorm, Charcoal Typhoon, and Salmon Typhoon, who have sought to use large language models (LLMs) to augment their ongoing cyberattack operations. This important research exposes incremental early moves we observe these well-known threat actors taking around AI, and notes how we blocked their activity to protect AI platforms and users.

We are also announcing Microsoft’s principles guiding our actions mitigating the risks of nation-state Advanced Persistent Threats, Advanced Persistent Manipulators, and cybercriminal syndicates using AI platforms and APIs. These principles include identification and action against malicious threat actors’ use notification to other AI service providers, collaboration with other stakeholders, and transparency.

In addition, Microsoft is helping the wider security community to understand and detect the emerging prospects of LLMs in attack activity. We continue to work with MITRE to integrate these LLM-themed tactics, techniques, and procedures (TTPs) into the MITRE ATT&CK®framework or MITRE ATLAS™ (Adversarial Threat Landscape for Artificial-Intelligence Systems) knowledgebase. This strategic expansion reflects a commitment to not only track and neutralize threats, but also to pioneer the development of countermeasures in the evolving landscape of AI-powered cyber operations.

This edition of Cyber Signals shares insights into how threat actors are using AI to refine their attacks and also how we use AI to protect Microsoft.

Cybercriminals and state-sponsored actors are looking to AI, including LLMs, to enhance their productivity and take advantage of platforms that can further their objectives and attack techniques. Although threat actors’ motives and sophistication vary, they share common tasks when deploying attacks. These include reconnaissance, such as researching potential victims’ industries, locations, and relationships; coding, including improving software scripts and malware development; and assistance with learning and using both human and machine languages. Our research with OpenAI has not identified significant attacks employing the LLMs we monitor closely.

Microsoft uses several methods to protect itself from these types of cyberthreats, including AI-enabled threat detection to spot changes in how resources or traffic on the network are used; behavioral analytics to detect risky sign-ins and anomalous behavior; machine learning models to detect risky sign-ins and malware; Zero Trust, where every access request has to be fully authenticated, authorized, and encrypted; and device health to be verified before a device can connect to the corporate network.

In addition, generative AI has incredible potential to help all defenders protect their organizations at machine speed. AI’s role in cybersecurity is multifaceted, driving innovation and efficiency across various domains. From enhancing threat detection to streamlining incident response, AI’s capabilities are reshaping cybersecurity. The use of LLMs in cybersecurity is a testament to AI’s potential. These models can analyze vast amounts of data to uncover patterns and trends in cyberthreats, adding valuable context to threat intelligence. They assist in technical tasks such as reverse engineering and malware analysis, providing a new layer of defense against cyberattacks. For example, users of Microsoft Copilot for Security have shown a 44% increase in accuracy across all tasks and a 26% faster completion rate. These figures highlight the tangible benefits of integrating AI into cybersecurity practices.¹

As we secure the future of AI, we must acknowledge the dual nature of technology: it brings new capabilities as well as new risks. AI is not just a tool but a paradigm shift in cybersecurity. It empowers us to defend against sophisticated cyberthreats and adapt to the dynamic threat landscape. By embracing AI, we can help ensure a secure future for everyone.

Cyber Signals

See how Microsoft is protecting AI platforms from attempted abuse by nation-state cyberthreat actors.

Read the report

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹What Can Copilot’s Earliest Users Teach Us About Generative AI at Work? Microsoft. November 15, 2023.

© 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

The post Cyber Signals: Navigating cyberthreats and strengthening defenses in the era of AI appeared first on Microsoft Security Blog.

Along with every merger and acquisition between two companies comes the need to combine and strengthen their IT infrastructure. In particular, there is an immediate and profound impact on the identity and access management (IAM) postures of both companies. With a newly combined workforce, where does all the user information live? Where are the authentications going to be handled? What changes are going to be made for authorization to applications; will users have access to the apps of the other organization? All these problems must be solved quickly in order to provide continuous day-to-day operations in a secure way.

While most combined organizations aspire to eventually consolidate their identity systems, this is a challenging and time-consuming process. The untangling (and re-entangling) of dozens or hundreds of enterprise applications and their identity stacks takes time and deliberation. Meanwhile, there may be immense pressure from users and app owners for secure access to the appropriate apps, along with pressure from regulators and investors to unlock and demonstrate value from the combined organization. Not to mention the pressure from investors and the board to deliver immediate value after the transaction’s close.

As one of the most comprehensive and advanced IAM platforms available today, Microsoft Entra ID is often the choice to be the dominant set of identity services in the combined architecture. Microsoft strives to make the merger and acquisition process as easy as possible and works with Strata Identity for a seamless integration. Strata’s Maverics Identity Orchestration platform does this by acting as abstraction layer to accelerate and simplify the path to consolidation.

The identity challenges with mergers and acquisitions

Addressing IAM issues is one of the most pressing issues in a merger and acquisition scenario. Typically, other operational issues such as application workloads can continue to operate in their status quo indefinitely until such time as it makes sense to address them. The cybersecurity implications of user access, however, are immediate and need to be addressed quickly, whether this be through some sort of identity consolidation, or through a higher-level abstraction encompassing the existing systems.

One factor that makes a migration complex is the tendency for applications to be tightly coupled with their current identity provider (IdP). When creating an application, developers and app owners may end up writing code that is very specific to their current IdP. Switching that IdP is seldom trivial, especially for long-lived applications that may have been written against a now-legacy protocol, or may have “rolled their own” authentication and authorization. Very often this calls for a complete rewrite of the application; an onerous task that is particularly daunting years or decades after its inception, when the original app team may be long gone.

This makes the common natural approach of wholesale migration somewhat untenable, especially with the time constraints imposed by governance and regulation. Even disregarding those factors, the sheer expense of refactoring and rewriting a sizable portion of your application library—anything older than about five years is probably using an outdated security profile—is prohibitively expensive.

The end goal in a merger and acquisition scenario is to quickly (and cost effectively) transition to a unified and tractable IAM posture, despite having a mix of user pools, protocols, and applications tightly coupled. Such transitions often need to happen in weeks or months, whereas a wholesale rewrite-and-migration might take years.

Microsoft Entra ID

Safeguard your organization with a cloud identity and access management solution that connects employees, customers, and partners to their apps, devices, and data.

Learn more and try free

Addressing your merger and acquisition challenges with Microsoft Entra ID and Strata Identity

Strata Identity takes a different approach to the challenges of managing disparate identity systems during a merger or acquisition. Instead of focusing on a migration of identities, Strata’s Maverics Identity Orchestration Platform provides an abstraction layer on top of your apps, IdPs, and services to enable you to create your own identity fabric.

The Maverics Platform is composed of individual Orchestrators distributed throughout the target environment. These lightweight Orchestrators can live anywhere within the infrastructure on any operating system within Kubernetes clusters or just on standalone virtual machines. They act as a distributed mesh of control, able to pull identity information from any system—whether that be through directing for authentication or just pulling additional user information for an existing session—and convert identity information into the formats needed and expected by applications.

Importantly, this approach means that existing applications do not need to be refactored or rewritten as part of the identity consolidation process. Any application that cannot be trivially swapped over to a new source of identity information—and, importantly, that isn’t up-to-date on the very latest security practices—is simply harnessed by Maverics. It continues to consume identity information in the way that it has always known and Maverics handles the rest. Sessions that are allowed to flow through to the application have had the Microsoft Entra identity controls applied for both authentication and authorization before the traffic is permitted to reach the application in the first place. Even app owners have their burdens reduced significantly, being needed only for some basic smoke testing during a changeover.

This also allows for a deliberate and calculated roll out of changes to your infrastructure. No more stressful projects with hard cutover dates, with those long all-or-nothing weekend cutovers and the associated frantic testing of every application to make sure everything transitioned smoothly. Using the Maverics platform from Strata allows for measured incremental changes. Cutover a single application, at a time—or even a subset of an application’s users—and test with leisure.

Better yet, if any issues are found the rollback is trivial. Since Maverics is acting as an abstraction layer over the identity process, the swapping between user stores or IdPs is handled in one simple interface. The user is unlikely to notice any impact at all as changes are made—either to migrate to the new identity source or to roll back to the old configuration.

Another benefit of this approach is that user impacting changes can be rolled out with deliberation, giving users a chance to acclimate to any new process. Let’s say, for instance, that as part of your migration you need to add multifactor authentication to a body of users that didn’t use it previously. The identity abstraction layer allows you to notify your users of impending changes, and can even assist in the enrollment of the new security factors.

This abstraction layer lets Maverics serve as the single pane of glass through which you can view the combined identity systems, securely controlling all access while, at the same time, making the incremental updates and changes to move the locus of control from these disparate systems into Microsoft Entra ID.

Strata Identity: The last mile in mergers and acquisitions with Microsoft Entra ID

With Strata’s Maverics Orchestration Platform, mergers and acquisitions don’t have to be a long, risky, and labor-intensive effort. By adding an abstraction layer over the existing identity stacks, Strata makes shifting control of authentication and authorization over to Microsoft Entra ID seamless and simple, regardless of how complex and disjointed the previous implementation might have been. Strata also prevents the nightmare of having to rewrite all your apps, using its ability to harness legacy apps with modern identity protocols to save your team immense time and effort.

About Strata Identity

Strata Identity is a pioneer in Identity Orchestration for multicloud and hybrid cloud. The orchestration recipe-powered Maverics platform enables organizations to integrate and control incompatible identity systems with an identity fabric that does not change the user experience or require rewriting apps. By decoupling applications from identity, Maverics makes it possible to implement modern authentication, like passwordless, and enforce consistent access policies without refactoring apps.

The Maverics platform is available on the Azure Marketplace and is an IP co-sell Benefits Eligible solution.

Learn more

Learn more about Microsoft Entra ID.

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.   

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post How Strata Identity and Microsoft Entra ID solve identity challenges in mergers and acquisitions appeared first on Microsoft Security Blog.

Start your journey with Microsoft towards quantum-safety.

View the questionnaire

We believe the first step every organization should take toward quantum safety is to be aware of the need to organize, plan, and begin an impact assessment. We recommend prioritizing symmetric encryption where applicable and subsequently adopting post-quantum cryptography (PQC) for asymmetric encryption once standardized and approved by relevant setting bodies and governments, as recommended by cybersecurity agencies globally. Furthermore, we are exploring and experimenting with additional classical and quantum security solution layers through internal experiments, POCs, and collaborations with partners. 

Given that preparing for such an objective will be a multi-year and iterative process that requires strategic foresight, it’s crucial for organizations to start investing time in their planning and execution efforts today. Thanks to our extensive experience in quantum engineering and expertise as a service and security provider, we can serve as a trusted partner to navigate this process across industry and government. 

Tomorrow’s quantum computers threaten today’s data 

In our previous blog post, we discussed the limitations of current quantum computers in terms of breaking today’s encryption technology. In parallel, the emergence of scaled quantum computers with specific algorithms—such as Shor’s algorithm—could put public key encryption at risk and compromise sensitive information. 

While it may take at least 1 million qubits for a quantum computer to break certain encryption algorithms using Shor’s algorithm, today’s long-term and sensitive data could already be at risk: bad actors could carry out a “Harvest Now, Decrypt Later” scenario by recording data today and decrypting it later when cryptographically relevant quantum computers become available. Therefore, knowing which data to secure now is a first step on the path to a quantum-safe future.  

Microsoft’s commitment to keeping our customers and partners secure 

Putting our recommendations into practice, we have taken a comprehensive approach to quantum safety. Because quantum will have a material impact on today’s classical encryption of both hardware and software, we’ve invested time and efforts to set cross-company goals and establish accountability at the most senior levels of our organization. This led to the establishment of the Microsoft Quantum Safe Program, which aims to accelerate and advance all quantum-safe efforts across Microsoft from both technical and business perspectives. The program focuses on Microsoft’s transition to quantum safety and the adoption of PQC algorithms across our products, services, and datacenters. Additionally, it aims to assist and empower our customers and partners on their own journey to quantum safety across their processes, priorities, and requirements.  

As the first step and highest priority, we are ensuring the compliance of our existing symmetric key encryption and hash function algorithms. Symmetric algorithms, such as Advanced Encryption Standard (AES), and hash functions, such as Secure Hash Algorithm (SHA), are resilient to quantum attacks, and can therefore still be used in deployed systems. At Microsoft, we are already using protocols based on symmetric encryption, such as Media Access Control Security (MACsec) point-to-point protocol. 

On top of symmetric encryption, we will prioritize PQC algorithms—still in the process of being standardized by global bodies such as the National Institute of Standards and Technology (NIST), International Standards Organization (ISO), and Internet Engineering Task Force (IETF)—to handle future threats where asymmetric encryption is currently used. Today, much of the internet’s data, from e-commerce to Wi-Fi access, is kept secure by public key, or asymmetric key cryptography. Currently used public key algorithms rely on complex mathematical problems considered infeasible for classical computers to break, but that are a perfect task for quantum computers running Shor’s algorithm. This undermines the effectiveness of public key algorithms like RSA and Elliptic Curve Cryptography (ECC), and means that PQC algorithms will need to be deployed quickly once standardized, starting with hybrid encryption schemes in tandem with classical algorithms to accelerate adoption. 

Empowering and collaborating with the global community 

We see the effort to achieve quantum safety as a collaborative effort, and this is why we invest heavily in our ecosystems, global partnerships, and close collaborations with standards-setting bodies, academia, and industry partners alike to foster continuous innovation in the quantum security landscape. The standardization of PQC algorithms, driven by NIST’s efforts, is a key step to achieving PQC compliance.

Because we believe that PQC adoption is the ideal path to follow, we’re collaborating with standard-setting bodies while conducting experiments and assessments to facilitate the adoption of these algorithms across our services and products as needed.  As an example, we are participating in the NIST/NCCoE Migration to PQC to demonstrate vulnerable cryptography detection and drive PQC experiments and integration capabilities. Those efforts, along with our participation in the Open Quantum Safe project, will allow the members to implement and test PQC candidates together, so we can be ready for adoption once the final specs are out.  

Furthermore, as part of our investment to empower and collaborate with the global security community, we co-authored FrodoKEM, a quantum-safe key encapsulation mechanism that has been selected, together with Kyber and Classic McEliece, to be part of the first international ISO standard for PQC (in addition, we are participating as co-editors of the standard). We also recently submitted SQISign, a new quantum-safe signature scheme that we co-authored with several industry and academia partners, to NIST’s call for additional signature schemes. Lastly, we continue to actively participate as founding members of the new post-quantum cryptography coalition by MITRE and will help to drive progress toward a broader understanding of the public adoption of PQC and NIST’s recommendations. 

While we continue to conduct research to further develop state-of-the-art security solutions, we are also exploring the potential of other classical and quantum technologies, such as Quantum Key Distribution (QKD). Holistically, at the core of our mission is a commitment to achieving quantum-safety and ensuring the security of our customers.

Getting started with your PQC transition today  

To support our customers in preparing for and navigating their quantum-safe journey, we offer assistance and guidance: we invite you to start your path with us by filling out this questionnaire. Based on your responses, we can understand your status and priorities, and provide the necessary support, including access to experts.  

As a first step, we recommend starting with a comprehensive planning process and a definition of your organization’s criteria for what constitutes your critical areas and sensitive information, alongside a cryptography inventory and impact assessment of your essential data, code, cryptographic technologies, and the critical services of your organization. This will help you to identify any asymmetric encryption in use that will need to be replaced with the latest PQC standardized algorithms. This process is especially important to identify critical areas and systems that involve or protect sensitive data with a value that extends beyond 10 years and should be prioritized in migrating to PQC. 

By considering which data and code need to be secured now, and which may become less relevant over time, as well as uncovering specific instances where cryptography could be used inappropriately or not ideally, your organization will have a better understanding of where to best mitigate potential risks as a quantum future approaches. This will enable you to confidently make the switch to the latest PQC standardized algorithms and safeguard your sensitive data for years to come. 

Explore CodeQL  

To help, we are contributing to CodeQL: a next-generation program code analysis tool provided by GitHub in collaboration with organizations including NIST and NCCoE. With CodeQL, we are building out a comprehensive set of detections that can empower users to create a complete inventory of all encryption usage within the application layer, helping to produce a cryptographic bill of materials and identify legacy cryptography that requires remediation. This tool can thus help create a cryptography inventory and impact assessment that will drive operational planning and create understanding and clarity around the timeline, resources, and level of risk for which to account.

Try now the Crypto Experience for Resource Estimator  

Furthermore, we recently launched the Crypto Experience for Azure Quantum Resource Estimator. Drawing on published research from Microsoft, this new interactive cryptography experience will show you why a symmetric key could remain safe from quantum attacks, but the current public key is vulnerable. And because it is integrated with Copilot in Azure Quantum, you can use the universal user interface of natural language to ask, learn, and explore more topics within the intersection of quantum computing and cryptography.  

The opportunity to usher in a quantum, and quantum-safe, future is immense. We see how the collective genius of scientists and businesses will revolutionize the building blocks of everyday products to usher in a new era of innovation and growth in many fields. That’s what motivates us at Microsoft to drive new breakthroughs and empower every person and every organization on the planet. Our commitment to our customers, partners, and ecosystem to become quantum-safe and remain secure has never been stronger. We are accountable for having our products and services quantum-resistant and safe and will support and guide our customers through this journey to quantum safety. 

Learn more

• Start your journey with Microsoft towards quantum-safety by filling out this questionnaire. 
• Learn more about our vision of quantum networking.
• Explore the Open Quantum Safe project for prototyping and evaluating quantum-resistant cryptography.
• Visit the Azure Quantum website and check out the Microsoft Quantum Innovator Series webinars.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (formerly known as “Twitter”) (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Starting your journey to become quantum-safe appeared first on Microsoft Security Blog.