According to Microsoft’s Digital Defense Report, which was released on October 15, the number of attempted malware attacks on Microsoft customers worldwide has increased significantly in the past year. However, developments in automatic attack disruption technologies have resulted in fewer of these attacks reaching the encryption phase.
Microsoft reported 600 million cybercrime and nation-state attacks occurring regularly. While malware attempts increased by 2.75 days, successful ransomware efforts decreased threefold.
Major attack types include deepfakes, e-commerce fraud
Microsoft says it “tracks more than 1,500 unique risk groups — including more than 600 nation-state risk professional organizations, 300 crime groups, 200 effect operations groups, and hundreds of others.” The top five ransomware groups (Akira, LockBit, Play, BlackCat, and Basta) accounted for 51% of documented attacks.
According to the report, adversaries most frequently exploit social engineering, identity compromise, and vulnerabilities in public-facing applications or unpatched operating systems. Once inside, they frequently tamper with security products or install remote monitoring tools. Notably, 70% of successful attacks involved remote encryption, and 92% targeted unmanaged devices.
Other main types of attacks included:
- Network attacks.
- Cyber-enabled financial scams.
- Attacks on e-commerce spaces, where credit card transactions don’t require the card to be physically present.
- Impersonation.
- Deepfakes.
- Account takeover.
- Almost 99% of attacks were password fraud, including identity and social engineering.
- SIM swapping.
- Social engineering at the help desk, where attackers pretend to be customers to change passwords or connect new devices.
- Credential phishing, mainly through phishing-as-a-service operations. These are frequently triggered by HTML or PDF attachments that contain malicious URLs.
- DDoS attacks, which caused a worldwide outage earlier this year.
In addition, browser tampering was a significant factor in the previous month: over 176,000 incidents that Microsoft Defender XDR discovered in 2024 included security settings tampering.
Notice: Ransomware hackers can use backup information to extort money from customers.
Nation-state, financially motivated actors share tactics
Both financially motivated threat actors and nation-state actors increasingly use the same data stealers and command-and-control systems, Microsoft found. Ironically, financially motivated actors now launch cloud identity compromise attacks, a tactic formerly associated with nation-state attackers.
“This time, state-affiliated risk players increasingly used legal tools and tactics — and even crooks themselves — to advance their interests, blurring the lines between nation-state backed malicious action and fraudster activity,” the report stated.
Microsoft tracks major threat actor groups from Russia, China, Iran, and North Korea. These nation-states may either use financial threat actors to make money or ignore what is happening within their borders.
According to Tom Burt, Microsoft’s corporate vice president of customer security and trust, the ransomware issue highlights the connection between nation-state activities and financially motivated cybercrime. Countries that either profit from these operations or fail to take steps to combat cybercrime within their borders make this issue even more problematic.
Evan Dornbush, a former NSA cybersecurity expert, offers a perspective on the matter:
In an email to TechRepublic, he wrote, “This report signals one trend that is currently receiving little attention and likely to define the future of cyber: the amount of money criminals can make.” “Per the Microsoft report, government, as a sector, only makes up 12% of the aggressors’ targeting sets. The majority of the victims are found in the private sector.”
This year, the nation-state threat actors targeted the following industries:
- IT.
- Education.
- Government.
- Think tanks and NGOs.
- Transportation.
Generative AI is used by both attackers and defenders
Generative AI introduces a new set of questions. Microsoft advises limiting generative AI’s access to sensitive data and making sure that data governance guidelines are followed when using it. The report outlines AI’s significant impacts on cybersecurity:
- Both attackers and defenders are using AI tools more frequently.
- With AI, nation-state actors can create deceptive audio and video.
- AI spear phishing, résumé swarming, and deepfakes are now common.
- Conventional strategies for limiting foreign influence operations may no longer be effective.
- Some of the risks posed by the use of AI tools can be reduced by AI policies and principles.
- Although many governments concur that security is a crucial component of AI development, many others pursue it differently.
According to Burt, “the sheer volume of attacks must be reduced by effective deterrence,” and while the industry must do more to stop attackers’ efforts through better cybersecurity, this needs to be combined with government action to enshrine the results that further deter the most harmful cyberattacks.
How organizations can prevent common cyberattacks
Organizations can take steps to stop particular kinds of attacks, according to the Microsoft report. TechRepublic distilled some actionable ideas that are applicable to all industries:
- Implementing policies like those for multi-factor authentication and attack surface reduction will help to stop attacks at the technique layer.
- Similarly, use “secure-by-default” settings, which make multi-factor authentication mandatory.
- Use strong password protection.
- Test pre-configured security settings, such as security defaults or managed Conditional Access policies, in report-only mode to understand their potential impact before going live.
- Classify and label sensitive data, and have DLP, data lifecycle, and Conditional Access policies around high-risk data and high-risk users.
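One way to check the MFA and report-only recommendations above against an exported Conditional Access policy set. This is an added example, not code from the Microsoft report or TechRepublic. The sample policies are constructed and the function names are hypothetical; the field names and the `enabledForReportingButNotEnforced` state follow the Microsoft Graph conditionalAccessPolicy resource.

```python
import json

# Constructed sample, shaped like the "value" array returned by Microsoft Graph
# GET /identity/conditionalAccess/policies. Names and IDs are placeholders.
SAMPLE_POLICIES = json.loads("""[
 {"displayName": "Require MFA for admins", "state": "enabled",
  "conditions": {"users": {"includeUsers": [], "includeRoles": ["<role-template-id>"], "excludeUsers": []}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "Require MFA for all users", "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": ["<break-glass-object-id>"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "MFA or compliant device", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": []}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}}
]""")


def requires_mfa(policy):
    """True only if MFA is mandatory, not one of several OR alternatives."""
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    return "mfa" in controls and (grant.get("operator") == "AND" or len(controls) == 1)


def covers_all_users(policy):
    users = (policy.get("conditions") or {}).get("users") or {}
    return "All" in (users.get("includeUsers") or [])


def audit(policies):
    """Sort MFA policies into enforced-for-everyone vs. still in report-only mode."""
    report = {"enforced_all_users_mfa": [], "report_only_mfa": [], "exclusions": {}}
    for policy in policies:
        if not requires_mfa(policy):
            continue
        name, state = policy["displayName"], policy.get("state")
        if state == "enabled" and covers_all_users(policy):
            report["enforced_all_users_mfa"].append(name)
        elif state == "enabledForReportingButNotEnforced":
            report["report_only_mfa"].append(name)
        # Excluded accounts bypass the policy; list them for review.
        users = (policy.get("conditions") or {}).get("users") or {}
        if users.get("excludeUsers"):
            report["exclusions"][name] = users["excludeUsers"]
    report["mfa_mandatory_for_everyone"] = bool(report["enforced_all_users_mfa"])
    return report


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_POLICIES), indent=2))
```

Policies that enforce MFA through an authentication strength rather than the `mfa` built-in control are not recognised by this check.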
Following the Chinese infiltration of Microsoft government email accounts in July 2023, Microsoft implemented its Secure Future Initiative this year.