News

Microsoft Paints Grim Security Picture: Everyone 'At Risk Anywhere, Anytime'

Microsoft described the cybersecurity outlook as "pessimistic" in its fifth-annual Digital Defense Report released this week.

The 114-page paper provides a grim view of cybersecurity trends based on data Microsoft collected between July 2023 and June 2024. In that time, Microsoft observed signs of collusion between state-sponsored attackers and cybercriminals, growing use of cyberattacks as tools of warfare, and the use of attacks to manipulate election outcomes.

"Because these actors conduct both targeted and opportunistic attacks, the threat they present is universal, meaning organizations, users, and devices are at risk anywhere, anytime," said Tom Burt, Microsoft's corporate vice president of Customer Security & Trust, in the report's introduction.

Much of the concern stems from the sharp increase in nation-state attacks, driven by ongoing international conflicts and civil turmoil during a big election year. But while politically motivated attacks may be seasonal, financially motivated attacks are evergreen.

Alarmingly, Microsoft found ransomware attempts nearly tripled year over year, though their success rate declined by about the same amount thanks to solutions that provide automatic attack disruption. However, when a ransomware attempt does succeed, it's likely because it found an unmanaged network device to infiltrate using remote encryption; over 90 percent of attacks that make it to the ransom stage take this route.

Among the most-used tactics in the ransomware attacker's arsenal are social engineering methods. Phishing scams are especially damaging; U.S. businesses are expected to lose $3.5 billion to phishing in 2024, according to a Trend Micro study cited in the report.

Microsoft counted 775 million malware-bearing phishing e-mails over the year, with most (56 percent) containing malicious links to entrap users. A smaller but growing portion (25 percent) used QR codes, which are especially tricky because "they appear as an image during mail flow and are unreadable until rendered." The remaining 19 percent of phishing e-mails relied on malicious attachments.

Perhaps worse than phishing scams are what Microsoft refers to as tech scams ("techscam" in the report), which are financially motivated schemes designed to weaken devices against future attacks. According to Microsoft, these schemes "have 10 times the financial impact of phishing."

Tech scams lure users to click on malicious ads masquerading as legitimate entities -- for instance, Microsoft support services, deals on crypto, shopping sales or browser extensions. These malicious ad platforms can leverage the cloud to quickly and cheaply create host pages, then shut them down within hours, often before victims realize the damage.

"The current landscape of techscam is alarming," Microsoft said. In fact, tech scams accounted for over 90 percent of malicious traffic in Microsoft's Edge browser. Overall, the daily volume of Web traffic from tech scams has ballooned by 400 percent since 2022, far outpacing the growth of traffic related to malware and phishing.

In the big picture, Microsoft's customer base faces over 600 million attacks every day -- an overwhelming volume that, it argues, requires a two-pronged approach. "[D]eterrence can be achieved in two ways -- by denial of intrusions or imposing consequences," it said. "While companies like Microsoft can help 'deny' successful cyberattacks via innovation and further improvements in cybersecurity, enforcing international rules with deterrent consequences must fall on governments."

The entirety of Microsoft's Digital Defense Report 2024 can be accessed here.

About the Author

Gladys Rama (@GladysRama3) is the editorial director of Converge360.

Featured