- Over 13 billion malicious and suspicious mails blocked in 2019, of which more than 1 billion were phishing credential attacks
- As COVID-19 spreads, cybercriminals pivoted lures to imitate trusted sources like the World Health Organization (WHO) and other national health organizations, to get users to click on malicious links and attachments
- Ransomware most common reason behind incident response engagements from October 2019 to July 2020
- Most common attack techniques by nation-state actors in the past year are reconnaissance, credential harvesting, malware, and Virtual Private Network (VPN) exploits
ASIA PACIFIC, 30 SEPTEMBER 2020 – Microsoft today unveiled global findings from its new annual Digital Defense Report analyzing trillions of threat signals and identifying cybersecurity threats and trends from the past year. The report found that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot, threatening even the savviest targets.
The analysis is informed by telemetry from the more than 1.2 billion PCs, servers and IoT devices that accessed Microsoft services, as well as data from 630 billion authentication events, 470 billion emails analyzed for threats and over 18 million URLs scanned.
Microsoft telemetry showed that China, the United States, and Russia were hit the hardest, but every country in the world saw at least one COVID-19-themed attack, with the volume of successful attacks in countries experiencing COVID-19 outbreaks increasing, as fear and the desire for information grew.
“Cyberattacks are evolving every day. As the Digital Defense Report notes, cybercriminals are opportunistic and have capitalized on interest and fear related to the COVID-19 pandemic and other disruptive events. They have expanded the way they leverage computers that are infected with malware, adding modules or changing the nature of the attacks for which they leverage them. They have also focused on targeting their ransomware activities toward entities that cannot afford to be offline or without access to records during critical periods of the pandemic, like hospitals and medical research institutions,” said Mary Jo Schrade, Assistant General Counsel, Microsoft Digital Crimes Unit, Asia. “Concerted efforts from organizations, governments and businesses are key to addressing these wide-ranging online threats.”
Since 2010, Microsoft’s Digital Crimes Unit has collaborated with law enforcement and other partners on 22 malware disruptions, resulting in over 500 million devices rescued from cybercriminals.
Insights on criminal groups, nation-state actors and ransomware
Cybercriminals were opportunistic and have switched lure themes daily to align with news cycles, as seen in their use of the COVID-19 pandemic. Adversaries used worldwide concern over COVID-19 to socially engineer lures around collective anxiety and the flood of information associated with the pandemic.
Nation-states have also shifted targets to align with the evolving political goals in the countries where they originate. COVID-themed attacks targeted prominent governmental healthcare, academic and commercial organizations in an effort to perform reconnaissance on their networks or people. In the past year, 90% of nation-state notifications have been sent to organizations that do not operate critical infrastructure – including non-governmental organizations (NGOs), advocacy groups, human rights organizations, and think tanks.
With ransomware, cybercriminals leverage occasions such as holidays, that will impact an organization’s ability to make changes (such as patching) to harden their networks. They are aware of business needs that will make organizations more willing to pay ransoms than incur downtime, such as during billing cycles in the health, finance, and legal industries – and have exploited the COVID-19 crisis to demand ransom.
The human element to cybersecurity
With COVID-19 accelerating work-from-home practices, traditional security policies within an organization’s perimeter have become much harder to enforce across a wider network made up of home and other private networks and unmanaged assets in the connectivity path. Cybercriminals are also targeting employees with sophisticated phishing campaigns designed to capture their login credentials. During the first half of 2020, there was an increase in identity-based attacks using brute force on enterprise accounts.
Addressing the threats posed by the human element is fundamental. “Organizations should adopt stronger cyber hygiene practices and tools to safeguard employees and infrastructure. These include adopting multi-factor authentication, using good email hygiene (including limiting or disabling auto-forwarding of emails), timely patching and updating of apps and software, and putting in place network segmentation to keep cybercriminals from easily accessing the entire network if they do gain access,” added Schrade.
For a comprehensive analysis on the Digital Defense Report, please visit the official blog post: https://blogs.microsoft.com/on-the-issues/2020/09/29/microsoft-digital-defense-report-cyber-threats/
Microsoft (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.
For more information, please contact: