News
Microsoft on Security Landscape: 'The Immediate Outlook Is Pessimistic'
The gates have been well and truly breached, Microsoft warned in its fifth-annual Digital Defense Report.
The 114-page paper, released this week, provides a comprehensive view of cybersecurity trends based on data collected by Microsoft from July 2023 through June 2024. In that time, Microsoft observed signs of collusion between state-sponsored attackers and cybercriminals, growing use of cyberattacks as tools of warfare, an increase in infrastructure and identity attacks, and the use of attacks to manipulate election outcomes.
Tom Burt, corporate vice president of Customer Security & Trust at Microsoft, called the near-term outlook "pessimistic."
"Because these actors conduct both targeted and opportunistic attacks, the threat they present is universal, meaning organizations, users, and devices are at risk anywhere, anytime," he said in the report's introduction, noting that Microsoft itself is far from immune.
As mentioned, much of the concern stems from state-sponsored attackers. Microsoft observed a sharp increase in the intensity of nation-state attacks, driven by ongoing international conflicts and civil turmoil during a big election year. (More in "Time To Take Nation-State Cyberattacks Seriously, Microsoft and Tech Leaders Warn.")
But while politically motivated attacks may be seasonal, financially motivated attacks are evergreen.
Ransomware, Tech Scams, Phishing
Alarmingly, Microsoft found ransomware attempts nearly tripled year over year, though their success rate declined by about the same amount thanks to solutions that provide automatic attack disruption. However, when a ransomware attempt does succeed, it's likely because it found an unmanaged network device to infiltrate using remote encryption; over 90 percent of attacks that make it to the ransom stage take this route.
Among the most-used tactics in the ransomware attacker's arsenal are social engineering methods. Phishing scams are especially damaging; U.S. businesses are expected to lose $3.5 billion to phishing in 2024, according to a Trend Micro study cited in the report.
Microsoft counted 775 million malware-bearing phishing e-mails over the year, with most (56 percent) containing malicious links to entrap users. A smaller but growing portion (25 percent) used QR codes, which are especially tricky because "they appear as an image during mail flow and are unreadable until rendered." The remaining 19 percent of phishing e-mails relied on malicious attachments.
Perhaps worse than phishing scams are what Microsoft refers to as tech scams ("techscam" in the report), which are financially motivated schemes designed to weaken devices against future attacks. According to Microsoft, these schemes "have 10 times the financial impact of phishing."
Tech scams lure users to click on malicious ads masquerading as legitimate entities -- for instance, Microsoft support services, deals on crypto, shopping sales or browser extensions. These malicious ad platforms can leverage the cloud to quickly and cheaply create host pages, then shut them down within hours, often before victims realize the damage.
"The current landscape of techscam is alarming," Microsoft said. In fact, tech scams accounted for over 90 percent of malicious traffic in Microsoft's Edge browser. Overall, the daily volume of Web traffic from tech scams has ballooned by 400 percent since 2022, far outpacing the growth of traffic related to malware and phishing.
In the big picture, Microsoft's customer base faces over 600 million attacks every day -- an overwhelming volume that, it argues, requires a two-pronged approach. "[D]eterrence can be achieved in two ways -- by denial of intrusions or imposing consequences," it said. "While companies like Microsoft can help 'deny' successful cyberattacks via innovation and further improvements in cybersecurity, enforcing international rules with deterrent consequences must fall on governments."
The entirety of Microsoft's Digital Defense Report 2024 can be accessed here.