In its latest report on the current state of cybersecurity, technology giant Microsoft found attackers continue to use ransomware and phishing in their cyber attacks. The report shares unique insights on impending digital threats from over 130 Microsoft experts and contributors.
According to Microsoft, attacks on passwords per second increased by 74% in the last year alone and many of these fueled ransomware attacks, leading to ransom demands that more than doubled. The report attributes most of the attacks on law enforcement operations and geopolitical events in the last year.
“Cybercrime has grown more intricate over the years. We are seeing attacks that are much faster, more deliberate, and smarter,” said Abbas Kudrati, chief cyber security advisor of Microsoft Asia Pacific. “The trillions of data signals we analyze from our worldwide ecosystem of products and services reveal the ferocity, scope, and scale of digital threats across the globe.”
Based on the report, the shift to remote work in 2020 and 2021 saw a substantial increase in phishing attacks aiming to capitalize on the changing work environment. Phishing attacks, a common entry point for most cyberattacks, have increased by over 300% worldwide, with over 710 million phishing emails blocked weekly in 2021 alone.
Nation-state cyber threats
The two cyberattacks are only amplified by nation-state threats — cyber threat activities that originate in a specific country with the apparent intent of furthering national interests. In recent years, nation-state threats have caused growing tension between countries, which further drives the importance of strengthening cybersecurity postures. Microsoft underscores that nation-state groups’ targeting of critical infrastructure increased by 40% in the past year alone, with actors focusing on companies in the IT sector, financial services, transportation systems, and communications infrastructure.
“Microsoft is taking action to defend our customers and the digital ecosystem against these threats, and throughout the Digital Defense Report we offer our best advice on the steps individuals, organizations, and enterprises can take to defend against these increasing digital threats,” Kudrati said.
The annual report draws from the company’s unique vantage point on security. With billions of global customers, Microsoft is able to aggregate security data from over 1.4 billion devices powered by Windows worldwide and 43 trillion signals and threats analyzed daily. These factors, along with a $20 billion investment in cloud security over the next five years, give Microsoft a high-fidelity picture of the current state of cybersecurity.
Basic security practices
“Given the increase of rampant cyberattacks, we cannot guarantee 100% security against cybercrime. However, we need to start thinking about how we can create a more resilient environment,” said Kudrati. “Organizations need to develop a plan that focuses on minimizing the impact and improving recovery time against attacks. It is crucial for them to find the right technology to keep them protected and resilient.”
Microsoft emphasized the importance of adherence to basic security practices and behaviors — enabling multi-factor authentication, applying security patches, being intentional about privileged s, and deploying modern security solutions from any leading provider. The average enterprise has 3,500 connected devices that are not protected by basic endpoint protections, and attackers take advantage.