
A Cyber Threat Minute: Cybercrime’s Scope in 60-Second Snapshots

When looking at the scale and scope of worldwide cybercrime, password attacks are the most commonly observed type of threat in a given 60-second period.

Steve Ginty, Principal Program Manager, Microsoft Defender Threat Intelligence (MDTI), Microsoft

October 31, 2022


Cybercrime is big and still growing bigger. It is often difficult to fully grasp the impact online attacks have had over the past decades. We used data from various Microsoft-owned properties and a mix of external sources to illustrate the scale and scope of worldwide cybercrime. Our comprehensive report on malicious activity highlights what is happening around the world within any given 60-second window.

Cyberattacks Vary By Type and Focus

If we’ve learned anything from our examination of last year’s online attacks, it’s that security teams need to be prepared to defend against a wide variety of threats at all times. According to RiskIQ, acquired by Microsoft in 2021, password attacks were far and away the most commonly observed type of threat, clocking in at 34,740 per minute. However, we also saw 1,902 Internet of Things (IoT) attacks and 1,095 distributed denial-of-service (DDoS) attacks during the same 60-second time period.

The threat picture gets even more complex the deeper we dive into internal Microsoft security data. We most commonly blocked email threats, identity threats, and brute-force authorization attacks for our customers.

When we examined a broad range of market data, we uncovered even more attacks. In 2021, seven phishing attacks occurred every minute, one SQL injection attack every two minutes, one new threat infrastructure detection every 35 minutes, one supply chain attack every 44 minutes, and one ransomware attack every 195 minutes. All of this comes together to create a tangled cybercrime landscape that security teams have to contend with.

What Is the True Cost of Cybercrime?

Cybercrime is a highly disruptive force, estimated to cause trillions of dollars in damages globally every year. The cost of cybercrime comes from damage done to data and property, stolen assets — including intellectual property — and the disruption of business systems and productivity.

Here’s a breakdown of how much cybercriminals cost businesses and consumers in 2021 per minute:

  • Worldwide economic impact of cybercrime: $1,141,553

  • Global cybersecurity spend: $285,388

  • E-commerce payment fraud losses: $38,052

  • Global ransomware damages: $38,051

  • Total cost of business email compromise: $4,566

  • Amount lost to cryptocurrency scams: $3,615

  • Average cost of breach: $8

  • Average cost of malware attacks: $5

How should enterprises guard against the disruptions and financial losses that come with a cybersecurity breach? They should start by understanding the full scope of the digital landscape that needs to be protected.

What Should Organizations Expect?

Threat actors are getting savvier about the tools and methods they use for evading detection, bypassing security systems, and perpetrating attacks. In 2021 there were 79,861 new hosts and 7,620 new IoT devices every minute. Likewise, we discovered 150 new domains, 53 new active LetsEncrypt SSL certificates, and 23 new mobile apps created in the same time period. Each of these additions can potentially act as a doorway for threat actors.

Cloud migrations, new digital initiatives, and shadow IT all widen the attack surface. At the enterprise level, that can mean a vast estate spanning multiple clouds and massively complex ecosystems. Meanwhile, cheap infrastructure and flourishing cybercrime economies grow the threat landscape that organizations, in turn, must track. Organizations need to ensure they’re one step ahead by creating a more holistic cybersecurity strategy that protects their operations on all fronts.

To gain control of this dynamic threat landscape, security teams must keep a pulse on new and emerging threats, the latest cybercrime tactics, and the leading tools at their disposal. Microsoft tracks more than 43 trillion signals every day to develop dynamic, hyper-relevant threat intelligence that evolves with the attack surface and helps us to detect and respond to threats rapidly. Our customers can access this intelligence directly to create a deep and unique view of the threat landscape, a 360-degree understanding of their exposure to it, and tools to mitigate and respond.
