Microsoft Launches Free Security Program for European Governments – Source: securityboulevard.com

Microsoft is offering European countries a stronger cybersecurity program to protect the region from an evolving and increasingly sophisticated threat landscape that now gives ransomware gangs and nation-state-backed threat actors such advanced tools as generative AI.

In an event today in Berlin, Microsoft Vice Chair and President Brad Smith said the IT giant is making its new European Security Program (ESP) available for free to not only the 27 countries that make up the European Union, but also EU accession countries like Ukraine, Turkey, Albania, and Montenegro, members of the European Free Trade Association (EFTA) – Iceland, Liechtenstein, Norway, and Switzerland – and the UK, the Vatican, and Monaco.

The ESP expands on the work already being done in the existing Government Security Program (GSP). With the new program, Microsoft is enhancing how it shares intelligence and works with European partners.

New elements include enhanced sharing of AI-based threat intelligence with European governments – using AI to defend against AI-driven threats – making additional investments to increase the region’s capacity and resilience, and growing Microsoft’s partnerships to disrupt cyberattacks and dismantle cybercriminal networks.

Lumma Stealer Takedown an Example

The most recent example is Microsoft’s work with U.S. and European law enforcement agencies in disrupting the malware-as-a-service (MaaS) operations of the hackers behind Lumma Stealer, a high-profile info-stealing malware that infected almost 400,000 devices around the world, including Europe.

“This new program expands the geographic reach of our existing work and adds new elements that will become critical to Europe’s protection,” Smith wrote in a blog post. “It puts AI at the center of our work as a tool to protect traditional cybersecurity needs and strengthens our protection of digital and AI infrastructure.”

He added that the new program and enhanced elements it contains is a signal to Europe of Microsoft’s “long-term commitment to defending Europe’s digital ecosystem – ensuring that, no matter how the threat landscape evolves, we will remain a trusted and steadfast partner to Europe in securing its digital future.”

A Dangerous Cyber World

That help will be needed. With the persistent threats targeting European networks from nation-state actors – particularly China and Russia, but also Iran and North Korea – and the rise of AI-based cyberattacks, Europe, like the United States, needs help from the likes of Microsoft to defend themselves.

A Microsoft map showed almost every country in Europe as well as the others being targeted by nation-backed threat groups, primarily those from China, with the exception of Ukraine, which is under seemingly constant cyberattack from Russia.

“Nation-state actors, including those engaging in malicious activity from Iran and North Korea, are predominantly pursuing espionage objectives in Europe through credential theft or the exploitation of vulnerabilities to gain access to corporate and government networks,” Smith wrote. “Several campaigns, including those from China, have also targeted academic institutions, compromising accounts to access sensitive research data or conduct geopolitical espionage against think tanks.”

Dealing with RaaS and AI

In addition, ransomware-as-a-service (RaaS) groups are still prominent, with Smith noting the emergence and rising popularity of illicit websites that leak ransomware insights other threat groups can use to run campaigns in Europe.

There then is the influence the use by bad actors AI is having on the behavior of bad actors, with Microsoft threat researchers seeing the emerging technology for everything from reconnaissance, vulnerability research and resource development to scripting techniques, detection evasion, social engineering, and brute force attacks.

“This is why Microsoft now tracks any malicious use of new AI models we release and proactively prevents known threat actors from using our AI products,” Smith said  This also underscores the importance of secure development and rigorous testing of AI models, leveraging AI to benefit cyber defenders, and close public-private partnerships to share the latest insights about AI and cybersecurity.”

Opening the Intelligence Floodgates

In expanding the flow and access to threat intelligence and crime reporting to help European countries that take up the new program to accelerate their response to incidents, Microsoft is making available more data from its Digital Crimes Unit (DCU) – which works to detect and disrupt cybercriminal infrastructure – and its Threat Analysis Center, which monitors cyber-based influence campaigns in Europe.

Other steps the vendor is taking is running a pilot program that embeds DCU researchers at Europol’s European Cybercrime Centre, collaborating with the Western Balkans Cyber Capacity Centre, and funding research for AI in security.

The new program is part of a larger group of five “digital commitments” Microsoft five weeks ago made to the region, with Smith writing at the time that “in a time of geopolitical volatility, we are committed to providing digital stability. … As a multinational company, we believe in trans-Atlantic ties that promote mutual economic growth and prosperity.”

In speaking with Reuters, Smith said, “You’re going to see other things we are doing later in the month [of June].”