A new annual report from Microsoft details the advanced threats and sophistication with which hackers and cybercriminals are attempting to infiltrate our networks and IT systems.
The Digital Defense Report, released Tuesday, covers cybersecurity trends from the past year and “makes it clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets,” wrote Tom Burt, corporate vice president of customer security and trust, in a company blog.
Burt writes that nation-state actors are engaging in new techniques that increase their chances of compromising high-value targets, criminal groups have moved their infrastructure to the cloud to hide among legitimate services and hackers are developing new methods of searching the internet for vulnerable systems.
With increasing regularity, these groups re engaging in credential harvesting, ransomware and vulnerabilities in IoT devices.
According to the company, email remains one of the most popular methods of compromise. Microsoft blocked over 13 billion malicious and suspicious mails, including 1 billion that were URLS set up to launch a phishing attack.
Between October 2019 and July 2020, ransomware was the most common attack method that sparked an incident response from Microsoft.
For nation-state actors, the most common techniques are reconnaissance, credential harvesting, malware and VPN exploits.
Cybercriminals are also taking advantage of the expanding IoT and are becoming more adept at compromising those devices. According to Microsoft, the first half of 2020 saw an increase of about 35% in total attack volume compared to the second half of 2019.
According to the report, attackers are an opportunistic bunch and are using the news cycles to feed on our fears. For example, hackers are crafting coronavirus-themed phishing emails in an attempt to get credentials and other identifying information.
And, nation-state actors are targeting top firms and organizations involved in the fight against the virus, including government agencies, healthcare organizations, academia and others.
In response to these growing threats, Microsoft has been collaborating with law enforcement and other partners to catch cybercriminals and prevent attacks, resulting in 22 malware disruptions and over 500 million devices rescued from cybercriminals.
“Even with all of the resources we dedicate to cybersecurity, our contribution will only be a small piece of what’s needed to address the challenge,” Burt wrote. “It requires policymakers, the business community, government agencies and, ultimately, individuals to make a real difference, and we can only have significant impact through shared information and partnerships.”