If you've ever wondered how vulnerable you are to cyberattacks like ransomware, phishing scams and identity theft, a new report from Microsoft might send you looking to lock down your digital information — stat.
Microsoft's new Digital Defense Report says its customers face 600 million cybercriminal and nation-state attacks every day.
According to the report, financially motivated cyberattacks remain a top concern. While there was a 2.75x increase year-over-year in ransomware attacks, there was a threefold decrease in ransom attacks reaching the encryption stage. The most commonly utilized techniques continue to be social engineering — specifically email phishing, SMS phishing and voice phishing.
The report also shows that tech support scams have skyrocketed 400% since 2022. These scammers impersonate tech support or customer service representatives in an attempt to get your credentials or share other sensitive information.
"In the past year, Microsoft observed a significant uptick in tech scam traffic with daily frequency surging from 7,000 in 2023 to 100,000 in 2024. Over 70% of malicious infrastructure was active for less than two hours, meaning they may be gone before they're even detected," Tom Burt, Microsoft's corporate vice president of customer security and trust, wrote in an executive summary of the report.
Politically-motivated cybercrime also remains a persistent threat. The report found that state-affiliated actors — government-backed entities that use cyber attacks to further their country's interests — are increasingly using cybercriminals and their tools.
"Once again, nation-state affiliated threat actors demonstrated that cyber operations — whether for espionage, destruction, or influence — play a persistent supporting role in broader geopolitical conflicts," said Burt.
Over the last year, Burt said Microsoft observed nation-state actors conduct multiple operations, including:
• Russian threat actors appear to have outsourced some of their cyberespionage operations to criminal groups, especially operations targeting Ukraine. In June 2024, a suspected cybercrime group used commodity malware to compromise at least 50 Ukrainian military devices.
• Iranian nation-state actors used ransomware in a cyber-enabled influence operation, marketing stolen Israeli dating website data. They offered to remove specific individual profiles from their data repository for a fee.
• North Korea is getting into the ransomware game. A newly-identified North Korean actor developed a custom ransomware variant called FakePenny, which it deployed at organizations in aerospace and defense after exfiltrating data from the impacted networks—demonstrating both intelligence gathering and monetization motivations.
Also fueling the escalation in cyberattacks, the report found increasing evidence of the collusion of cybercrime gangs with nation-state threat actors — well-resourced groups with a wide variety of political and economic motivations — sharing tools and techniques.
"Most of the nation-state-affiliated cyber threat activity we observed was concentrated around Israel, Ukraine, the United Arab Emirates, and Taiwan," Burt said.
While some groups have used the Russia-Ukraine war and the Israel-Hamas conflict to spread divisive and misleading messages through propaganda campaigns, extending their influence beyond the geographical boundaries of the conflict zones, other foreign threat actors are focused in on the U.S. election.
"Russia, Iran, and China have all used ongoing geopolitical matters to drive discord on sensitive domestic issues leading up to the U.S. election, seeking to sway audiences in the U.S. to one party or candidate over another, or to degrade confidence in elections as a foundation of democracy," Burt said.
"In addition, Microsoft has observed a surge in election-related homoglyph domains — or spoofed links — delivering phishing and malware payloads," he added. "We believe these domains are examples both of cybercriminal activity driven by profit and of reconnaissance by nation-state threat actors in pursuit of political goals."
The report noted that threat actors are experimenting with generative artificial intelligence, with China-affiliated actors favoring AI-generated imagery and Russia-affiliated actors use audio-focused AI — but that it currently doesn't seem to be effective in swaying audiences.