Microsoft recently released its 2024 Annual Digital Defense Report, which compiles data from June 2023 to June 2024, shedding light on the latest cyberattacks and digital security trends. The report reveals a staggering 600 million cyberattacks occurring daily, with a significant number linked to password identity theft.
Among the top password-related threats highlighted by Microsoft are:
- Phishing Scams: These involve identity theft through malicious links and deceptive websites.
- Password Spraying: This tactic sees attackers attempting to access multiple accounts using the same password combination.
- Replay Attacks: In this scenario, attackers resend data packets over a network to exploit vulnerabilities.
Additionally, Microsoft emphasizes its focus on digital financial fraud, the evolving role of AI in scams, and the activities of state-sponsored agents in the cybersecurity landscape.
Risks of phishing and fraud
The report highlights a troubling rise in financial fraud scams, mainly through phishing, social engineering, and deepfake technology. “As digital transformation accelerates across various business operations, the creativity and scalability of fraudulent tactics pose significant challenges to global resilience,” the report states.
One of the most alarming findings is the 2.75-fold increase in ransomware attacks compared to the previous year, primarily from email, SMS, or voice phishing attempts. Additionally, technology-related scams have surged by 40% since 2021.
Here are some key trends in cyberattack methods noted in the report:
- Account Takeover Attacks (ATOs)
- QR Code Phishing Attempts
- Exploitation of Web Services and Other Legitimate Tools for Digital Scams
- Business Email Compromise (BEC) Attacks, where scammers impersonate legitimate companies through email communication
- Deepfake Fraud
Impact of AI
The report examines the dual impact of artificial intelligence on cybersecurity, highlighting both its advantages and disadvantages.
On the negative side, cybercriminal organizations have started using generative AI to enhance their phishing techniques, making them more sophisticated, mainly through deepfakes and manipulated audio.
Conversely, cybersecurity professionals are also harnessing AI to detect, anticipate, and mitigate potential threats. Microsoft pointed out that certain AI tools can respond to security alerts and malicious code much faster than human intervention, significantly improving response times and overall security effectiveness.
Cybercrimes of nations and “hybrid warfare.”
Microsoft also highlights the involvement of state-sponsored cybercriminals, particularly in light of ongoing armed conflicts in Ukraine and the Middle East. The company notes a rise in common ransomware and espionage attacks, categorizing these activities as a “hybrid war.”
This term reflects that many cyber operations transcend geographic boundaries, extending beyond the immediate conflict zones and impacting a wider range of targets.
