Microsoft Warns of Escalating Cyber Threats: 600 Million Daily Attacks and Evolving Tactics

Microsoft warns of 600 million daily attacks and advanced tactics by nation-state actors

Bottom line: A new security report by Microsoft paints a picture of a cyberworld where sophisticated technologies, state-sponsored activities, and criminal enterprises are converging to present unprecedented challenges. A collective effort and vigilance are more essential than ever amid this evolving landscape. Over 600 million cybercriminal and nation-state attacks occur daily, targeting individuals, businesses, and governments alike, according to Microsoft's newly released Digital Defense Report for 2024. A major theme running through the 110-page report is the growing sophistication of cyber attackers. Both cybercriminals and nation-state actors use advanced technologies, including generative AI, to increase the effectiveness of their malicious activities. This technological leap has made attacks more complex and challenging to defend against. One of the most alarming findings is the increasing collaboration between cybercrime gangs and nation-state groups. These unlikely alliances share tools and techniques, blurring the lines between criminal enterprises and state-sponsored cyber operations. This cooperation has also led to more potent and diverse attack strategies. Nation-state actors, in particular, have expanded their cyber operations. Their motivations range from financial gain to intelligence gathering, explicitly focusing on military targets. The report notes that these actors frequently employ info stealers and command-and-control frameworks in their operations. For example, Russian threat actors have reportedly outsourced some of their cyberespionage operations to criminal groups, particularly those targeting Ukraine. In one instance, a suspected cybercrime group compromised at least 50 Ukrainian military devices using commodity malware. Iranian actors have taken a different approach, combining ransomware attacks with influence operations. In a notable case, they marketed stolen data from an Israeli dating website, offering to remove individual profiles for a fee. North Korea has also entered the ransomware arena. The report identifies a new North Korean actor that developed a custom ransomware variant called FakePenny. This malware was deployed against aerospace and defense organizations, showcasing intelligence gathering and financial motivations. Chinese cyber activities remain consistent with previous years, focusing primarily on Taiwan and Southeast Asian countries. The intensity and geographic targeting of these operations have not significantly changed. As the US presidential election approaches, concerns about foreign interference have resurfaced. However, the report suggests that public discourse on this issue is less prominent than in the 2020 election cycle. Nevertheless, Microsoft warns that Russia, Iran, and China are actively exploiting ongoing geopolitical issues to sow discord and undermine confidence in democratic processes. Besides the United States and the United Kingdom, nations experiencing active military conflicts or regional tensions are primary targets. These include Israel, Ukraine, the United Arab Emirates, and Taiwan. Microsoft emphasizes the need for a collaborative approach to address these escalating threats. Redmond is calling for increased cooperation between the public and private sectors - a strategy that needs to include not only technological advancements but also policy changes and improved cybersecurity practices across all levels of society. "This means implementing and enforcing policies and tooling, such as enhanced multifactor authentication and attack surface reduction rules," according to the report. "At the same time, as the threat landscape evolves, securing identities, hardening endpoints, and protecting the cloud infrastructure has become more important than ever."

Ransomware and nation state-backed cyber attacks on the rise, warns Microsoft | BreakingNews.ie

Financially motivated cybercrime and fraud, in particular ransomware attacks, have risen over the last year and remain a "persistent threat", Microsoft has said. The technology giant's annual Microsoft Digital Defence report said it had seen the number of ransomware attacks more than double over the last 12 months. Fraudulent emails, texts and voice messages continue to be the most common way that cybercriminals are able to gain access to users' files, but Microsoft said gaps in cybersecurity because of missed software updates and hackers exploiting known vulnerabilities also continue to be an issue. The report also said the tech giant had seen the number of online scams spotted had risen five-fold in the last two years, with Microsoft now observing around 100,000 scams a day in 2024. The ongoing rise of generative AI, and its potential use to cybercriminals, was flagged in the report - with Microsoft warning that both criminals and nation states were experimenting with the technology to spread misinformation and attempt to influence people. In particular, Microsoft said it was seeing operations linked to China favouring AI-generated imagery, while Russia-linked operations preferred audio-based content. But the report said it had not yet observed such content "being effective in swaying audiences", and AI was also showing signs of being very beneficial to cybersecurity professionals as a tool to help speed up response time to attacks and cyber incidents. Elsewhere in the report, Microsoft said it was increasingly seeing nation states turning to cybercriminals and the tools they use in order to gather intelligence as well as to make financial gain. Tom Burt, corporate vice president for customer security and trust at Microsoft, said the "vast majority" of cyber threat activity it had seen over the last year had come from Russia, China, Iran and North Korea. And the threat report highlighted that much of the nation state activity over the last year had been focused on conflict zones and regions of tensions, in particular Ukraine and the Middle East. "Aside from the United States and the United Kingdom, most of the nation-state affiliated cyber threat activity we observed was concentrated around Israel, Ukraine, the United Arab Emirates, and Taiwan," Mr Burt said. "In addition, Iran and Russia have used both the Russia-Ukraine war and the Israel-Hamas conflict to spread divisive and misleading messages through propaganda campaigns that extend their influence beyond the geographical boundaries of the conflict zones, demonstrating the globalised nature of hybrid warfare." The report said around 75 per cent of Russia's targets had been in Ukraine or a Nato member state, as it said Moscow looked to collect intelligence on the West's policies on the war. It said Russia, along with Iran and China had also been observed driving misinformation campaigns around the upcoming US election as part of efforts to " degrade confidence in elections as a foundation of democracy". "Microsoft customers face more than 600 million cybercriminal and nation-state attacks every day, ranging from ransomware to phishing to identity attacks," Mr Burt said. "Once again, nation-state affiliated threat actors demonstrated that cyber operations -- whether for espionage, destruction, or influence -- play a persistent supporting role in broader geopolitical conflicts. "Also fuelling the escalation in cyberattacks, we are seeing increasing evidence of the collusion of cybercrime gangs with nation-state groups sharing tools and techniques. "We must find a way to stem the tide of this malicious cyber activity. "That includes continuing to harden our digital domains to protect our networks, data, and people at all levels. However, this challenge will not be accomplished solely by executing a checklist of cyber hygiene measures but only through a focus on and commitment to the foundations of cyber defence from the individual user to the corporate executive and to government leaders.

Iran, Russia and North Korea changed cyber attack tactics in the last year, says Microsoft

Microsoft users face more than 600 million cyber attacks every day, partly fuelled by a growing trend of cyber crime gangs working with nation states, according to a new report by the company. In this year's Digital Defence report, Microsoft said countries like Russia, Iran and North Korea have changed how they worked in the last year, including starting to experiment with AI. "We must find a way to stem the tide of this malicious cyber activity," said Tom Burt, the company's vice president of customer security and trust. "That includes continuing to harden our digital domains to protect our networks, data, and people at all levels." Russia appears to have "outsourced" some of its cyber espionage to criminal gangs, especially around its spying in Ukraine, and in June, a suspected cyber crime group managed to compromise at least 50 Ukrainian military devices. Read more science and technology news: Prostate cancer test shown to 'reduce number of deaths' SpaceX rocket booster makes successful landing after test launch In North Korea, a new piece of ransomware tech was developed called FakePenny, which Microsoft says the country used against defence and aerospace organisations. Iran "placed significant focus on Israel" and is accused of hacking Israeli dating sites. Cyber criminals working for the country then allegedly offered to remove specific users from their hacked databases for a fee. The number of ransomware attacks around the world more than doubled in the last year, according to the report, with hackers tending to use email, SMS and voice scams to try and access users' information. The use of artificial intelligence in cyber attacks also increased in the last year, with criminals linked to Russia and China using AI-generated content to try and trick users. However "so far, we have not observed this content being effective in swaying audiences," said Mr Burt.