Microsoft reveals an increase in cyber threats
Microsoft has been an important point of reference for the community of cybersecurity experts for years. This is because every year it released the Microsoft Security Intelligence Report, considered by many to be a real 'gold standard' for its timely and comprehensive coverage of major cyber threats.
This report makes it clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets.
Microsoft: an increase in cyber threats and their danger over the last year
Threat actors are using new reconnaissance techniques that increase their chances of compromising high-value targets; criminal groups targeting companies have moved their infrastructure to the cloud to hide among legitimate services; and attackers have developed new ways to scour the Internet for systems vulnerable to ransomware.
In addition to the attacks becoming more sophisticated, threat actors show clear preferences for certain techniques, with notable shifts towards credential harvesting and ransomware, as well as growing attention to Internet of Things devices.
Phishing emails are on the rise. The five brands most spoofed by scammers and cybercriminals are Microsoft, UPS, Amazon, Apple, and Zoom. In 2019 alone, Microsoft blocked 13 billion malicious emails. Phishing operations are often used as the prelude to a Business Email Compromise attack: once they take control of a company's email addresses, scammers send fraudulent invoices to business partners in order to divert customer money into their own bank accounts.
Ransomware was by far the largest cyber threat of 2020. The trend continues to grow and is worrying. The two groups "Big Game Hunters" and "Human-operated ransomware" were the two most effective criminal groups of the last 12 months. This is because they carefully select both their targets, favoring large state organizations, and their attack techniques.
Some hacker teams just buy malware from other criminal groups; others have the tools to continuously scan the web for new vulnerabilities not yet known to the computer research community. Criminal groups often gain control of a system months before the actual ransomware attack is launched.
However, in 2020, hacker teams dramatically reduced the time to plan and execute the attack. There have been cases where it took no more than 45 minutes from compromising the system to launching the ransomware. Microsoft has identified precise patterns common to a large number of ransomware attacks.
Another major trend noted by Microsoft is the rise of attacks on the supply chain. Rather than attacking their target directly, groups prefer to compromise the infrastructure of providers, suppliers of management tools, open source software libraries or other B2B organizations that have access to company networks. The advantage is obvious: if the service provider is compromised, it is also possible to chain access into the infrastructure of client companies.
In 2020, Microsoft filed over 13,000 reports of attacks conducted by state actors. Most cyber threats are related to Russia, followed by Iran, China and North Korea. The preferred target of hacker networks funded by foreign governments is the United States of America, followed by the United Kingdom, Canada, South Korea and Saudi Arabia.