Data from the Microsoft Digital Defense Report 2021

According to the recent Microsoft Digital Defense Record, cybercrime has become more sophisticated and widespread in 2021.

Cybercriminals have targeted infrastructure, healthcare, fintechs and many other key institutions in the life of each of us, thus paralyzing companies and harming consumers.

An increase in cyberattackscorresponds to greater attention to this issue, leading governments to approve and devise new laws on cybersecurity and increasing resources in order to fight IT crime.

Earlier this month, Microsoft released the new Digital Defense Report (MDDR),tapping into more than 24 trillion daily security signals across the cloud, endpoints, and the Intelligent Edge.

MDDR 2021 is based on last year's report and contains input from more than 8,500 IT security experts in 77 countries, including insights into the evolving state of ransomware, phishing emails, and malware.

What is Ransomware

Ransomware – also known as"big game ransomware"– offers a low-investment, high-profit business model for this to attract the interest of IT criminals.

In the past it only affected attacks on single PCs, but over time it has come to attack and block entire networks, through extortion methods to hit both data and reputation.

Ransomware is becoming a modular system, a real company, as in the case of Ransomware as a Service (RaaS).

The RaaS ransomware

In the case of RaaS there is not a single individual behind a ransomware attack but real hacking groups,a kind of criminal syndicate in which each member is paid for a particular cybercrimeexpertise.

Once a network is compromised, confidential information, financial documents and much more can be stolen.

After an analysis of the data, a ransom note will take place not only to unlock the victim's systems, but also to prevent the public disclosure of the exfiltered data.

This is known as a double extortion attack:a victim is blackmailed to get a ransom on the stolen data and intellectual property (IP) and then again to prevent the attacker from publishing them.

Both the private sector and government agencies, through civil litigation, prosecution, regulatory enforcement, and international collaboration, can take coordinated action against ransomware intermediaries to disrupt the payment process.

Data from Microsoft's Detection and Response Team (DART) shows that the three sectors most targeted by ransomware were consumer, financial, and manufacturingin 2021.

As in all CASESOF IT attacks, the best way to be prepared is to make it more difficult for attackers to access the systems.

Phishing

Reports of phishing attacks doubled in 2020.

The Microsoft Digital Crimes Unit (DCU) has investigated online organized crime networks involved in corporate email compromise (BEC)

finding a broad diversification of how stolen credentials are obtained, verified and used.

Also in this case there are more and more agencies involved in the design and dissemination of these malware.

As noted in the Microsoft Exchange global email flow, the number of phishing emails increased from June 2020 to June 2021, with a pronounced surge in November, with a noticeable increase during the holidays.

"In 2020, the industry saw a wave of phishing campaigns that remained constant throughout 2021. Internally at Microsoft, there has been an increase in the overall number of phishing emails, a downward trend in emails containing malware, and an increase in voice phishing (or vishing)." (MDDR 2021)

Phishing sites often copy known and legitimate login pages to trick users into entering their credentials.

Microsoft Defender SmartScreen detected more than a million unique domains used in web phishing attacks in the past year, of which compromised domains accounted for just over 5%.

These domains typically host attacks on legitimate websites without interrupting their traffic.

The attack usually remains hidden for a long time, while illegitimate websites tend to be active for periods of just one to two hours.

For this reason Microsoft is again co-sponsoring the annual Terranova Gone Phishing Tournament™,which uses real-world simulations to establish accurate clickthrough statistics.

Malware

Just like phishing, malware has continued to evolve.

Microsoft 365 Defender Threat Intelligence has observed recent innovations that can lead to greater success among attackers:

For example also with a number of attack targets – ransom, data exfiltration, credential theft, espionage.

In every month from August 2020 to January 2021, we recorded an average of 140,000 shell web threats on servers, almost double the monthly average of 77,000. Throughout 2021 we have seen an even greater increase, with an average of 180,000 meetings per month. " 2021 Microsoft Digital Defense Report

Read more on the official Microsoft Digital Defense Report.