Microsoft Experiences 600 Million Cyberattacks per Day
Findings From the Tech Giant’s Defense Report 2024 Flag Growing Threat Landscape
The cyberthreat landscape continues to be “dangerous and complex,” putting everyone – organizations, users and devices – at risk anywhere and anytime, warned Microsoft in its annual Digital Defense report 2024.
The tech giant’s customers face more than 600 million cyberattacks every day, targeting individuals, businesses and critical infrastructure. This surge in cyberthreats is fueled by the convergence of cybercriminal and nation-state activities and accelerated by advances in technologies including artificial intelligence.
Microsoft monitored more than 78 trillion signals per day to capture activity from nearly 1,500 tracked threat actor groups, including 600 nation-state groups. The report identified an expanding threat landscape dominated by multifaceted attack types, including phishing, ransomware, DDoS attacks and identity-based intrusions.
“If cybercrime were a country, it would have the third-largest GDP, growing faster than India’s economy,” said Irina Ghose, managing director, Microsoft India. Global cybercrime costs are projected to reach $10.5 trillion annually by 2025. By comparison, Germany – the world’s third-largest economy – has a GDP of $4.59 trillion.
Surge in Password-Based Attacks and MFA Evasion Techniques
Despite widespread adoption of multifactor authentication, password-based attacks remain a dominant cyberthreat, making up more than 99% of all identity-related cyber incidents.
Password spraying, breach replays and brute force attacks remain primary methods, exploiting users who choose weak passwords or reuse credentials across platforms. Microsoft said it blocked an average of 7,000 password attacks per second.
While organizations implementing MFA experienced 80% fewer compromises than those relying on password-only authentication, attackers may be one step ahead. Adversary-in-the-middle, or AiTM, phishing attacks rose 146% in 2024, enabling attackers to deceive users into completing MFA on their behalf, bypassing MFA protections.
Token theft, which involves stealing tokens post-authentication to gain unauthorized access without triggering MFA, reached an estimated 39,000 incidents daily. Though fewer than password-based attacks, token thefts reflect a critical evolution in identity compromise tactics, pushing defenders to enhance security monitoring, adopt token protection and incorporate continuous access evaluation as adaptive countermeasures.
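The monitoring that the token-theft paragraph calls for, sketched as an added example that is not from Microsoft's report or the original article: it flags session-token uses that break the device or IP binding recorded when MFA was completed, that follow a revocation, or that have no issuance record. The event schema, field names and sample events are constructed assumptions, not a real product's log format.

```python
from datetime import datetime

# Constructed sample events (not real telemetry). "issue" is logged when the
# user completes MFA; "use" is each later presentation of that session token.
EVENTS = [
    {"ts": "2024-10-01T09:00:00", "type": "issue", "token": "t1", "user": "alice", "ip": "198.51.100.10", "device": "dev-A"},
    {"ts": "2024-10-01T09:05:00", "type": "use", "token": "t1", "user": "alice", "ip": "198.51.100.10", "device": "dev-A"},
    {"ts": "2024-10-01T09:07:00", "type": "use", "token": "t1", "user": "alice", "ip": "203.0.113.77", "device": "dev-X"},
    {"ts": "2024-10-01T09:10:00", "type": "issue", "token": "t2", "user": "bob", "ip": "198.51.100.20", "device": "dev-B"},
    {"ts": "2024-10-01T09:30:00", "type": "use", "token": "t2", "user": "bob", "ip": "198.51.100.99", "device": "dev-B"},
    {"ts": "2024-10-01T09:40:00", "type": "revoke", "token": "t2", "user": "bob", "ip": "", "device": ""},
    {"ts": "2024-10-01T09:45:00", "type": "use", "token": "t2", "user": "bob", "ip": "198.51.100.20", "device": "dev-B"},
    {"ts": "2024-10-01T09:50:00", "type": "use", "token": "t9", "user": "carol", "ip": "203.0.113.5", "device": "dev-C"},
]


def find_token_anomalies(events):
    """Return (token, timestamp, reason) for token uses that break the binding
    recorded at issuance, follow a revocation, or have no issuance record."""
    issued, revoked, findings = {}, set(), []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        tok = ev["token"]
        if ev["type"] == "issue":
            issued[tok] = ev
        elif ev["type"] == "revoke":
            revoked.add(tok)
        elif ev["type"] == "use":
            origin = issued.get(tok)
            if origin is None:
                # Token was never seen completing MFA in this log source.
                findings.append((tok, ev["ts"], "no_issuance_record"))
            elif tok in revoked:
                # Continuous evaluation: a revoked token must stop working.
                findings.append((tok, ev["ts"], "used_after_revocation"))
            elif ev["device"] != origin["device"]:
                # Strongest replay signal: token presented by another device.
                findings.append((tok, ev["ts"], "device_mismatch"))
            elif ev["ip"] != origin["ip"]:
                # Weaker signal: same device, new network (may be roaming).
                findings.append((tok, ev["ts"], "ip_changed"))
    return findings


if __name__ == "__main__":
    for finding in find_token_anomalies(EVENTS):
        print(finding)
```

A device mismatch is treated as a stronger signal than an IP change alone, since legitimate users change networks far more often than a session token changes device.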
Blurred Lines Between Nation-State Actors and Cybercriminals
Nation-state groups are increasingly enlisting cybercriminal groups and using them as proxies to fund operations, carry out espionage and attack critical infrastructure. Two-thirds of observed nation-state attacks targeted the U.S., Israel, Taiwan, Ukraine and the United Arab Emirates, Microsoft said, highlighting hotspots of geopolitical interest and conflict.
“Cybercrime has continued to mature as a robust and elaborate ecosystem, with cybercriminal groups using a full spectrum of tools and techniques, including those learned, borrowed or stolen from nation-state actors,” said Igor Tsyganskiy, CISO, Microsoft.
Russia, China, Iran and North Korea are among the primary actors in this space, using cyber tactics as part of larger influence operations. In 2024, Russian-affiliated cyber groups infiltrated Ukraine’s networks using tools such as XWorm and Remcos RAT malware, while Iranian actors conducted influence operations in the U.S. and Israel using AI-generated personas to stoke political unrest. The UN estimates North Korean hackers have stolen more than $3 billion in cryptocurrency since 2017, reportedly financing over half of their nuclear and missile programs.
“These state-sponsored hackers are not just stealing data, but launching ransomware, prepositioning backdoors for future destruction, sabotaging operations and conducting influence campaigns,” said Tom Burt, corporate vice president, customer security and trust, Microsoft.
Critical infrastructure bore the brunt of major attacks due to factors including the upcoming U.S. elections and the ongoing Ukraine-Russia and Israel-Hamas wars. The most affected sectors include government, education and research – targeted not only for data theft but also to undermine stability and spread influence. Education institutions, in particular, serve as testing grounds for advanced phishing tactics including QR code phishing, later weaponized against broader targets.
Ransomware Isn’t Going Anywhere
Ransomware remained one of the most serious cybersecurity concerns in 2024, evolving from a financially motivated crime to a sophisticated geopolitical tool wielded by nation-state actors. FakePenny, linked to a new North Korean actor, targeted aerospace and defense organizations after extracting data from their networks.
The report noted a 2.75-fold year-over-year increase in human-operated ransomware attacks, where attackers targeted at least one system within a network for infiltration. Unlike automated attacks, human-operated ransomware involved manual actions by attackers to disable defenses, extract data and deploy ransomware for maximum impact.
Microsoft identified Akira, LockBit, Play, BlackCat and Black Basta as the most active ransomware groups, accounting for 51% of human-operated ransomware encounters, with long-standing tactics that continue to yield results despite increased global cybersecurity awareness.
Although ransomware encounters are rising, the percentage of organizations ultimately ransomed – where encryption and data lockout occur – decreased more than threefold over the past two years.
Key Actions for Enterprises
- Financially motivated actors such as Octo Tempest and Storm-0539 exploit weak configurations in cloud environments, bypassing MFA. Microsoft recommends that organizations exclude unmanaged devices from the network and enhance monitoring for cloud identity infrastructure.
- AI-powered tools that use machine learning for threat detection to anticipate potential attack patterns can help mitigate threats from AI-enabled malware. AI enables faster threat triage, which strengthens an organization’s defensive stance against sophisticated attacks.
- Layered security solutions, including endpoint detection and response, provide tamper protection features that can help prevent attackers from disabling security settings.
- In light of rising AiTM phishing and token theft incidents, organizations need to transition to passwordless solutions. The report recommends adopting phishing-resistant MFA solutions, such as FIDO2-compliant passkeys.
- Defenders must consider using threat-informed defense apps to view critical assets from an adversary’s perspective, helping map out and secure potential attack paths to these “crown jewels.”
- The report underscored the urgency for unified, proactive measures to reduce the volume of cyberthreats. Effective deterrence will require both technological and geopolitical strategies – achievable through two key approaches: preventing intrusions and imposing meaningful consequences.