Today, Microsoft is releasing a new annual report, called the Digital Defense Report, covering cybersecurity trends from the past year. This report makes it clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets. For example, nation-state actors are engaging in new reconnaissance techniques that increase their chances of compromising high-value targets, criminal groups targeting businesses have moved their infrastructure to the cloud to hide among legitimate services, and attackers have developed new ways to scour the internet for systems vulnerable to ransomware.
In addition to attacks becoming more sophisticated, threat actors are showing clear preferences for certain techniques, with notable shifts towards credential harvesting and ransomware, as well as an increasing focus on Internet of Things (IoT) devices. Among the most significant statistics on these trends:
- In 2019, we blocked over 13 billion malicious and suspicious mails, out of which more than 1 billion were URLs set up for the explicit purpose of launching a phishing credential attack.
- Ransomware is the most common reason behind our incident response engagements from October 2019 through July 2020.
- The most common attack techniques used by nation-state actors in the past year are reconnaissance, credential harvesting, malware and virtual private network (VPN) exploits.
- IoT threats are constantly expanding and evolving. The first half of 2020 saw an approximate 35% increase in total attack volume compared to the second half of 2019.
Given the leap in attack sophistication in the past year, it is more important than ever that we take steps to establish new rules of the road for cyberspace: that all organizations, whether government agencies or businesses, invest in people and technology to help stop attacks; and that people focus on the basics, including regular application of security updates, comprehensive backup policies and, especially, enabling multi-factor authentication (MFA). Our data shows that enabling MFA would alone have prevented the vast majority of successful attacks.
In past years, cybercriminals focused on malware attacks. More recently, they have shifted their focus to phishing attacks (~70%) as a more direct means to achieve their goal of harvesting people’s credentials. To trick people into giving up their credentials, attackers often send emails imitating top brands. Based on our Office 365 telemetry, the top spoofed brands used in these attacks are Microsoft, UPS, Amazon, Apple and Zoom.
continue reading at Microsoft Blog.
Image featured by Microsoft.