
Commit 71fb212

update module for AI considerations
1 parent 393a859 commit 71fb212

7 files changed

Lines changed: 319 additions & 259 deletions


Lines changed: 1 addition & 3 deletions
Original file line number | Diff line number | Diff line change
@@ -1,6 +1,6 @@
11
This module covers common cyberthreats, business resiliency, secure backup and restore configurations, and security update management.
22

3-
Imagine that you work for a medium-sized company that has recently experienced a ransomware attack. The attack has caused significant damage to the company's systems and data, and the company is struggling to recover. As a cybersecurity architect, you've been tasked with designing a comprehensive resiliency strategy that protects against ransomware and other attacks. In this module, you learn how to identify and prioritize threats to business-critical assets, design solutions for business continuity and disaster recovery (BCDR) including secure backup and restore for hybrid and multicloud environments, implement ransomware mitigation strategies with emphasis on privileged access protection, and evaluate solutions for security updates. You'll also discover how AI-powered security operations can accelerate threat detection and response.
3+
Imagine that you work for a medium-sized company that recently experienced a ransomware attack. The attack caused significant damage to the company's systems and data, and the company is struggling to recover. As a cybersecurity architect, you're tasked with designing a comprehensive resiliency strategy that protects against ransomware and other attacks. In this module, you learn how to identify and prioritize threats to business-critical assets, design solutions for business continuity and disaster recovery (BCDR) including secure backup and restore for hybrid and multicloud environments, implement ransomware mitigation strategies with emphasis on privileged access protection, and evaluate solutions for security updates. You'll also discover how AI-powered security operations can accelerate threat detection and response.
44

55
## Learning objectives
66

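Review bot: the module summary on line 1 (unchanged context, "This module covers common cyberthreats, business resiliency, secure backup and restore configurations, and security update management.") still makes no mention of AI, while the rewritten introduction on line 3 closes with AI-powered security operations and the commit's stated purpose is to add AI considerations. Suggest extending the summary so the short description matches the unit content, for example "... security update management, and AI-specific cyberthreats." The tense changes on line 3 ("has recently experienced" to "recently experienced", "has caused" to "caused") are fine as written.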
@@ -11,5 +11,3 @@ In this module, you learn how to:
1111
* Design solutions for mitigating ransomware attacks, including prioritization of BCDR and privileged access protection.
1212
* Design solutions for business continuity and disaster recovery (BCDR), including secure backup and restore for hybrid and multicloud environments.
1313
* Evaluate solutions for security updates.
14-
15-
The content in the module helps you prepare for the certification exam SC-100: Microsoft Cybersecurity Architect.
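Review bot: the learning objectives in context lines 11-13 gain no objective for the AI-related content this commit adds (the introduction now promises AI-powered security operations, and the second file adds an "AI-specific cyberthreats" section), so the list no longer describes everything the module teaches; suggest adding an item such as "* Identify AI-specific threats such as prompt injection and model poisoning, and apply threat modeling across the AI lifecycle." The deletion of lines 14-15 also removes the only statement that the module prepares for the SC-100: Microsoft Cybersecurity Architect exam; if that alignment still holds, keep the sentence, and if it was dropped deliberately, the commit message should say so.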
Lines changed: 50 additions & 38 deletions
Original file line number | Diff line number | Diff line change
@@ -1,77 +1,89 @@
11

2-
32
### What is the threat landscape?
43

54
Whether an organization is large or small, the entirety of the digital landscape with which it interacts represents an entry point for a cyberattack. These can include:
65

7-
- Email accounts
8-
- Social media accounts
9-
- Mobile devices
10-
- The organization's technology infrastructure
11-
- Cloud services
12-
- People
6+
- Email accounts
7+
- Social media accounts
8+
- Mobile devices
9+
- The organization's technology infrastructure
10+
- Cloud services
11+
- AI and machine learning systems
12+
- People
1313

14-
Collectively, these are referred to as the threat landscape. Notice that the threat landscape can cover more than just computers and mobile phones. It can include any elements that are owned or managed by an organization, or some that aren't. As you learn next, criminals use any means they can to mount and carry out an attack.
14+
Collectively, these are referred to as the threat landscape. The threat landscape extends beyond traditional computers and mobile phones to include any digital assets owned, managed, or used by an organization. As AI systems become integral to business operations, they expand the threat landscape with new attack surfaces that security architects must address.
1515

1616
## What are attack vectors?
1717

1818
An attack vector is an entry point or route for an attacker to gain access to a system.
1919

2020
:::image type="content" source="../media/attack-vectors.png" alt-text="Diagram showing eight of the most common attack vectors: Email, Social Media, Removable Devices, Browsers, Cloud Services, Insiders, Devices, and Wireless." lightbox="../media/attack-vectors.png":::
2121

22-
Here are some examples of common attack vectors:
22+
Common attack vectors include:
2323

24-
- **Email** is perhaps the most common attack vector. Cybercriminals send seemingly legitimate emails that result in users taking action. This might include downloading a file, or selecting a link that will compromise their device. Advanced AI technologies now enable attackers to create highly convincing phishing emails with proper grammar, context-aware content, and personalized details that make detection more difficult.
25-
- **Removable media**. An attacker can use media such as USB drives, smart cables, storage cards, and more to compromise a device. For example, attackers might load malicious code into USB devices that are later provided to users as a free gift, or left in public spaces to be found. When they're plugged in, the damage is done.
26-
- **Browser**. Attackers can use malicious websites or browser extensions to get users to download malicious software on their devices, or change a user's browser settings. The device can then become compromised, providing an entry point to the wider system or network.
27-
- **Cloud services**. Organizations rely more on cloud services for day-to-day business and processes. Attackers can compromise poorly secured resources or services in the cloud. For example, an attacker could compromise an account in a cloud service, and gain control of any resources or services accessible to that account. They could also gain access to another account with even more permissions.
28-
- **Insiders**. The employees of an organization can serve as an attack vector in a cyberattack, whether intentionally or not. An employee might become the victim of a cybercriminal who impersonates them as a person of authority to gain unauthorized access to a system. This is a form of social engineering attack. In this scenario, the employee serves as an unintentional attack vector. In some cases, however, an employee with authorized access may use it to intentionally steal or cause harm.
24+
- **Email** is perhaps the most common attack vector. Cybercriminals send seemingly legitimate emails that trick users into downloading malicious files or selecting compromised links. AI technologies enable attackers to create highly convincing phishing emails with proper grammar, context-aware content, and personalized details that make detection more difficult.
25+
- **Removable media**. An attacker can use media such as USB drives, smart cables, storage cards, and more to compromise a device. For example, attackers might load malicious code into USB devices that are provided to users as a free gift, or left in public spaces. When they're plugged in, the damage is done.
26+
- **Browser**. Attackers can use malicious websites or browser extensions to get users to download malicious software on their devices, or change browser settings. The device can then become compromised, providing an entry point to the wider system or network.
27+
- **Cloud services**. Organizations rely more on cloud services for day-to-day business and processes. Attackers can compromise poorly secured resources or services in the cloud. For example, an attacker could compromise an account in a cloud service and gain control of any resources or services accessible to that account.
28+
- **Insiders**. The employees of an organization can serve as an attack vector in a cyberattack, whether intentionally or not. An employee might become the victim of social engineering, serving as an unintentional attack vector. In some cases, an employee with authorized access may use it to intentionally steal data or cause harm.
29+
- **AI systems**. Attackers target AI and machine learning systems through prompt injection, adversarial inputs, or supply chain compromises of AI models and training data.
2930

3031
## What are security breaches?
3132

32-
Any attack that results in someone gaining unauthorized access to devices, services, or networks is considered a security breach. Imagine a security breach as similar to a break-in where an intruder (attacker) successfully breaks into a building (a device, application, or network).
33-
34-
Security breaches come in different forms, including the following:
33+
Any attack that results in unauthorized access to devices, services, or networks is a security breach. Common forms include:
3534

36-
- Social engineering attacks - In social engineering, impersonation attacks happen when an unauthorized user (the attacker), aims to gain the trust of an authorized user by posing as a person of authority to access a system from some nefarious activity. For example, a cybercriminal might pretend to be a support engineer to trick a user into revealing their password to access an organization's systems. AI-powered tools enable attackers to create convincing deep fake audio or video, making impersonation attacks more sophisticated and harder to detect.
37-
- Browser attacks - Whether on a desktop, laptop, or phone, browsers are an important access tool for the internet. Security vulnerabilities in a browser can have a significant impact because of their pervasiveness.
38-
- Password attacks - A password attack is when someone attempts to use authentication for a password-protected account to gain unauthorized access to a device or system. Attackers often use software to speed up the process of cracking and guessing passwords.
35+
- **Social engineering attacks**: Impersonation attacks where an unauthorized user poses as a person of authority to gain system access. AI-powered deepfake audio and video make these attacks more sophisticated and harder to detect.
36+
- **Browser attacks**: Security vulnerabilities in browsers have significant impact because of their pervasiveness across desktop, laptop, and mobile platforms.
37+
- **Password attacks**: Attempts to use authentication for password-protected accounts to gain unauthorized access, often using automated tools to crack or guess passwords.
38+
- **Supply chain attacks**: Attackers compromise software supply chains, including open-source libraries, development tools, and third-party integrations to gain access to downstream targets.
3939

4040
### What are data breaches?
4141

42-
A data breach is when an attacker successfully gains access or control of data. Using the intruder example, this would be similar to that person getting access to, or stealing, vital documents and information inside the building:
42+
A data breach occurs when an attacker successfully gains access to or control of data.
4343

4444
:::image type="content" source="../media/data-breach-v3.png" alt-text="Diagram that shows a thief running from an office building." lightbox="../media/data-breach-v3.png":::
4545

46-
When an attacker achieves a security breach, they'll often want to target data, because it represents vital information. Poor data security can lead to an attacker gaining access and control of data. This can lead to serious consequences for the victim, whether that is a person, organization, or even a government. This is because the victim's data could be abused in many ways. For example, it can be held as ransom or used to cause financial or reputational harm.
46+
Poor data security can lead to attackers gaining access and control of data, resulting in serious consequences for victims. Data can be held for ransom, used to cause financial or reputational harm, or exfiltrated for competitive advantage. In AI systems, data breaches can also expose proprietary model weights, training data, or inference outputs that reveal sensitive business intelligence.
4747

4848
## Attack chain modeling
4949

50-
An attack chain describes the typical chain of events during an attack that leads to organizational damage. This includes technical and nontechnical steps taken by adversaries or insiders during the attack. It's important to note that there's no single linear path for either insider risk or external attacks. There are many common elements across attacks, but each one can take a unique path.
50+
An attack chain describes the typical chain of events during an attack that leads to organizational damage. This includes technical and nontechnical steps taken by adversaries or insiders. There's no single linear path for either insider risk or external attacksmany common elements exist across attacks, but each one can take a unique path.
5151

52-
The MCRA includes an attack chain diagram that depicts common techniques related to both external attacks and insider risks, as shown below.
52+
The Microsoft Cybersecurity Reference Architecture (MCRA) includes an attack chain diagram that depicts common techniques related to both external attacks and insider risks.
5353

5454
:::image type="content" source="../media/microsoft-cybersecurity-reference-architecture-attack-chain.png" alt-text="Diagram of an attack chain M C R A depicting both external attacks and insider risks." lightbox="../media/microsoft-cybersecurity-reference-architecture-attack-chain.png":::
5555

56-
The top portion of this diagram represents common steps seen in many
57-
external attacks and the Microsoft capabilities that map to each step.
58-
The bottom portion shows the insider risk leading indicators and how
59-
Microsoft Purview Insider Risk Management helps quickly identify,
60-
triage, and act on risky user activity.
56+
The top portion of this diagram represents common steps in external attacks and the Microsoft capabilities that map to each step. The bottom portion shows insider risk leading indicators and how Microsoft Purview Insider Risk Management helps identify, triage, and act on risky user activity.
6157

62-
Most external attacks include common steps and follow common patterns that are depicted in the diagram above. Most of the variation in external attacks comes from the use of different entry points. Attacks also differ based on the different objectives of the attackers like stealing data, encrypting data, or disrupting business.
58+
Most external attacks follow common patterns. Variation comes from different entry points and objectives such as stealing data, encrypting data, or disrupting business. Most attacks that result in a major incident include some form of privilege escalation using credential theft, which is mitigated by securing privileged access. For more information, see [securing privileged access](https://aka.ms/SPA).
6359

64-
Most external attacks that result in a major incident include some form of privilege escalation using credential theft, which is mitigated by securing privileged access. For more information, see [securing privileged access](https://aka.ms/SPA).
60+
### Attack chain frameworks
6561

66-
Lockheed Martin created one of the first adaptations of the 'kill chain' military concept to cybersecurity. This concept of a cybersecurity attack chain it helped mature how organizations understand attacks and plan security controls by viewing attacks as a sequential chain of events. Many organizations use the MITRE ATT&CK framework today for detailed control planning like threat detection coverage.
62+
Security architects should understand how multiple attack chain frameworks relate to each other:
6763

68-
The diagram below describes how these relate to each other and to a simple
69-
Prepare-Enter-Traverse-Execute (PETE) model that Microsoft developed to
70-
improve communications with business leaders and nonsecurity
71-
professionals.
64+
- **MITRE ATT&CK**: The most widely adopted framework for detailed control planning and threat detection coverage. It provides a comprehensive matrix of attacker tactics, techniques, and procedures (TTPs) that security teams use to map detective controls and identify coverage gaps.
65+
- **Lockheed Martin Cyber Kill Chain**: One of the first adaptations of the military kill chain concept to cybersecurity. It defines sequential phases: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives.
66+
- **PETE model**: A simplified framework developed by Microsoft to improve communications with business leaders and nonsecurity professionals. PETE stands for Prepare, Enter, Traverse, Execute.
7267

7368
![Diagram of how MITRE ATT&CK, PETE, and Lockheed Martin kill chain map to each other.](../media/attack-chains.png)
7469

75-
Attackers can choose different techniques to achieve each goal of prepare, enter, traverse, and execute objectives. Attackers may also use a combination of techniques or the same technique over and over again iteratively to achieve their objectives.
70+
Attackers can choose different techniques to achieve each objective across prepare, enter, traverse, and execute phases. They may use a combination of techniques or apply the same technique iteratively.
71+
72+
All security best practices in the MCRA and Microsoft Cloud Security Benchmark (MCSB) are intended to reduce risk of attackers succeeding. Several MCRA best practices focus directly on security operations aspects—detect, respond, recover.
73+
74+
## AI-specific cyberthreats
75+
76+
As organizations adopt AI technologies, security architects must address threats that specifically target AI systems. These threats require understanding beyond traditional cybersecurity frameworks.
77+
78+
### AI threat landscape
79+
80+
The MITRE ATLAS (Adversarial Threat Landscape for AI Systems) framework provides a structured knowledge base of adversarial tactics and techniques against AI systems, complementing MITRE ATT&CK for traditional systems. Key AI-specific threats include:
81+
82+
- **Prompt injection**: Attackers craft malicious inputs designed to manipulate AI language models into bypassing safety controls, disclosing system instructions, or performing unauthorized actions. This includes both direct prompt injection (targeting the model directly) and indirect prompt injection (embedding malicious instructions in data the model processes).
83+
- **Model poisoning and data poisoning**: Attackers corrupt training data or manipulate the model training process to introduce backdoors or biases. This can occur through supply chain compromises of training datasets or model repositories.
84+
- **Jailbreaking**: Techniques that circumvent AI system safety restrictions to produce harmful, inaccurate, or unauthorized outputs.
85+
- **Adversarial perturbation**: Carefully crafted inputs that appear normal to humans but cause AI models to make incorrect classifications or predictions.
86+
- **Model theft and inversion**: Attackers extract proprietary model parameters through repeated querying, or use model outputs to reconstruct sensitive training data.
87+
- **Training data exfiltration**: Extraction of sensitive or proprietary data used to train AI models, potentially exposing personal information, trade secrets, or intellectual property.
7688

77-
All of the security best practices in the MCRA and MCSB are intended to reduce risk of attackers succeeding. Several MCRA best practices focus directly on the security operations aspects of external attacks - detect, respond, recover.
89+
When designing security strategies, use threat modeling practices specific to AI and machine learning systems. Evaluate AI systems across the full lifecycle—data collection, model training, deployment, and inference—to identify vulnerabilities at each stage.
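Review bot: new line 50 has a dropped separator in "external attacksmany common elements exist", most likely a dash lost during editing; suggest splitting it into two sentences: "There's no single linear path for either insider risk or external attacks. Many common elements exist across attacks, but each one can take a unique path." Two smaller points in the same hunk: new line 27 drops the old sentence about an attacker using a compromised cloud account to reach another account with more permissions, which is the lateral-movement step that the privilege-escalation statement on new line 58 relies on, so consider keeping it; and new line 42 removes the colon and intruder analogy that introduced the data-breach image on line 44, so that image now appears without a lead-in sentence. Finally, the AI threat list on new lines 82-87 names threats only, while new line 72 frames MCRA and MCSB practices as the means of reducing attacker success; a short pointer from each threat to the relevant control category (input validation and output filtering for prompt injection, dataset and model provenance checks for poisoning, query rate limiting and output monitoring for model theft) would tie the new section back to that framing rather than deferring everything to the threat modeling sentence on new line 89.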
