Microsoft has been releasing in-depth security reports for more than 15 years as a way to highlight emerging trends in cybersecurity. Our latest report, the "Microsoft Digital Defense Report 2022," explores the most pressing cyber threats and offers guidance on how organizations can harden their cyber defenses.
Here's an overview of part one of the report, "The State of Cybercrime," which is informed by insights from trillions of daily security signals and addresses three key cybercrime trends. Read on to learn how your organization can better protect its operations.
Growing CaaS Economy Fuels Novel Attacks
Cybercrime-as-a-service (CaaS) is growing, becoming a robust ecosystem of online services that facilitate cybercrimes including business email compromise (BEC) and human-operated ransomware. In particular, we have seen a growing number of CaaS sellers offering compromised credentials, and many CaaS services and products come equipped with enhanced features that are designed to evade detection.
Microsoft blocked 2.75 million site registrations in 2022, preventing threat actors from using these sites to conduct attacks across the globe.
Emboldened by this growing CaaS economy, threat actors have begun creating new ways to implement techniques and host their operational infrastructure. They might intentionally compromise businesses as a way to host phishing campaigns and malware. Or they might leverage compromised businesses' computing power to mine cryptocurrency. We're also seeing Internet of Things (IoT) devices become a larger target for cybercriminals who use widespread botnets. When routers are unpatched and left exposed directly to the Internet, threat actors may be able to gain easy access to networks, execute malicious attacks, and even support their operations.
Organizations can respond by implementing cyber hygiene best practices and providing cybersecurity training for employees, with specific guidance on how to avoid being socially engineered. We also recommend that you conduct regular, automated user activity anomaly checks, as well as update and secure routers on both corporate and private networks.
Threat Actors Becoming More Politically Motivated
2022 saw a rise in hacktivism, with private citizens conducting cyberattacks to further social or political goals. Take Russia's invasion of Ukraine, for example. Thousands of individuals were mobilized to launch cyberattacks, creating an urgent need for the technology industry to come together and create a comprehensive response to this growing threat.
Similarly, Microsoft observed threat actors using current events, such as the Ukrainian conflict and COVID-19, to create hyper-realistic, targeted phishing attacks. These attacks leverage news stories to entice consumers to click on malicious links or provide sensitive information that would then enable attackers to gain access to internal networks.
Open source users are particularly vulnerable to hacktivism and other geopolitically motivated threats, so we recommend keeping a heightened watch during times of geopolitical strife.
Cybercriminals Increasingly Turn To Ransomware
Finally, 2022 was a year of indiscriminate phishing and credential theft. Cybercriminals use these attack vectors to gain information that is then sold and leveraged in more targeted attacks, such as ransomware, data exfiltration and extortion, and BEC. Half of all Microsoft cybersecurity recovery engagements were related to ransomware incidents in 2022.
Ransomware attacks are especially worrisome as critical infrastructure, businesses of all sizes, and state and local governments are being targeted by criminals leveraging a growing cybercriminal ecosystem. Not only are ransomware attacks becoming larger in scope, but their effects have also become more wide-ranging. The government and private sector will need to collaborate closely in order to create a coordinated response plan.
When looking at organizations that were impacted by ransomware attacks, common vulnerabilities included weak identity controls, ineffective security operations, and incomplete data protection strategies. Organizations looking to shore up their defenses can start by evaluating their own security procedures to see whether they contain similar weaknesses.
While cybercrime is an ever-looming threat, security teams can take a number of steps to better protect their organizations. You just need to understand how cybercriminals operate and where your vulnerabilities lie.