Microsoft blocked over 13 billion malicious and suspicious mails in 2019, of which more than 1 billion were phishing credential attacks.
In 2020, the tech giant is busy tackling misinformation around Covid-19 as cybercriminals pivoted lures to imitate trusted sources like the World Health Organisation (WHO) and other national health organizations, to get users to click on malicious links and attachments.
COVID-themed attacks are targeting prominent governmental healthcare, academic, and commercial organizations to perform reconnaissance on their networks or people, according to Microsoft’s annual Digital Defense Report.
“In the past year, 90 percent of nation-state notifications have been sent to organizations that do not operate critical infrastructure — including non-governmental organizations (NGOs), advocacy groups, human rights organizations, and think tanks,” it said.
China, the US, and Russia were hit the hardest but every country in the world saw at least one COVID-19-themed attack.
The report found that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot, threatening even the savviest targets.
The data were gathered from over 1.2 billion PCs, servers, and Internet of Things (IoT) devices that accessed Microsoft services, as well as 630 billion authentication events, 470 billion emails analyzed for threats, and more than 18 million URLs scanned.
“Cybercriminals are opportunistic and have capitalized on interest and fear related to the Covid-19 pandemic and other disruptive events.
“They have also focused on targeting their ransomware activities toward entities that cannot afford to be offline or without access to records during critical periods of the pandemic, like hospitals and medical research institutions,” said Mary Jo Schrade, Assistant General Counsel, Microsoft Digital Crimes Unit, Asia.
Since 2010, Microsoft’s Digital Crimes Unit has collaborated with law enforcement and other partners on 22 malware disruptions, resulting in over 500 million devices rescued from cybercriminals.
With ransomware, cybercriminals leverage occasions, such as holidays, that will impact an organization’s ability to make changes (such as patching) to harden their networks.
“They are aware of business needs that will make organizations more willing to pay ransoms than incur downtimes, such as during billing cycles in the health, finance, and legal industries – and have exploited the Covid-19 crisis to demand ransom.”
Cybercriminals are also targeting employees with sophisticated phishing campaigns designed to capture their login credentials.
“During the first half of 2020, there was an increase in identity-based attacks using brute force on enterprise accounts,” Microsoft said.
Microsoft warned that IoT threats are constantly expanding and evolving, with the first half of 2020 witnessing an approximate 35 percent increase in total attack volume compared to the second half of 2019.
To trick people into giving up their credentials, attackers often send emails imitating top brands.
“Organisations should adopt stronger cyber hygiene practices and tools to safeguard employees and infrastructure. These include adopting multi-factor authentication, using good email hygiene (including limiting or disabling auto-forwarding of emails), timely patching and updating of apps and software,” Schrade elaborated.