According to Microsoft's Digital Defense Report, which was released on October 15, the number of attempted ransomware attacks on Microsoft customers worldwide has increased significantly in the last year. Fewer of these attacks have reached the encryption stage, thanks to advances in automatic attack disruption technologies.

Microsoft reported 600 million cybercrime and nation-state incidents occurring regularly. While ransomware attempts increased by 2.75 times, successful ransomware attacks decreased threefold.

Figure caption: The inverse relationship between attempted ransomware attacks and those that end in a ransom suggests defenses are working, according to Microsoft. Source: Microsoft Defender for Endpoint

Major attack types include deepfakes, e-commerce fraud

Microsoft says it "tracks more than 1,500 unique threat groups — including more than 600 nation-state threat actor groups, 300 crime groups, 200 influence operations groups, and hundreds of others". The top five ransomware families (Akira, Lockbit, Play, Blackcat, and Basta) accounted for 51% of documented attacks.

According to the report, attackers most frequently exploit social engineering, identity compromises, and vulnerabilities in public-facing applications or unpatched operating systems. Once inside, they frequently install remote monitoring tools or tamper with security products. Notably, 70% of successful attacks involved remote encryption, and 92% targeted unmanaged devices.

Other major types of attacks included:

  • Network attacks.
  • Cyber-enabled financial fraud.
  • Attacks on e-commerce spaces, where credit card transactions don't require the card to be physically present.
  • Impersonation.
  • Deepfakes.
  • Account takeover.
  • Identity and social engineering attacks, the majority (99%) of which were password theft attacks.
  • SIM swapping.
  • Social engineering at the help desk, where attackers pretend to be customers to reset passwords or connect new devices.
  • Credential phishing, mainly through phishing-as-a-service operations. These are frequently triggered by HTML or PDF attachments that contain malicious links.
  • DDoS attacks, which caused a worldwide outage earlier this year.

Antivirus tampering was a significant factor in the previous month: over 176,000 incidents that Microsoft Defender XDR detected in 2024 involved tampering with security settings.

See also: Ransomware attackers can use backup data to extort money from victims.

Nation-state, financially motivated actors share tactics

Both financially motivated threat actors and nation-state actors increasingly use the same information stealers and command-and-control systems, Microsoft found. Notably, financially motivated actors now launch cloud identity compromise attacks, a tactic formerly associated with nation-state attackers.

"This time, state-affiliated threat actors increasingly used legal tools and tactics — and even scammers themselves — to advance their interests, blurring the lines between nation-state backed malicious action and fraudster activity", the report stated.

Microsoft tracks major threat actor groups from Russia, China, Iran, and North Korea. These nation-states may either use financially motivated threat actors to make money or ignore what is happening within their borders.

According to Tom Burt, Microsoft's corporate vice president of customer security and trust, the ransomware issue highlights the connection between nation-state activities and financially motivated cybercrime. Countries that either profit from these operations or fail to take steps against cybercrime within their borders help to worsen this issue.

Evan Dornbush, a former NSA cybersecurity expert, offered his perspective on the matter:

This report "signifies one trend that is currently receiving scant attention and is likely to shape the future of cyberspace: the amount of money criminals can make," he wrote in an email to TechRepublic. "Per the Microsoft report, government, as a sector, only makes up 12% of the aggressors' targeting sets. The private sector accounts for the majority of victims."

The following industries were the most targeted by nation-state threat actors this year:

  1. IT.
  2. Education.
  3. Government.
  4. Think tanks and NGOs.
  5. Transportation.

Generative AI is used by both attackers and defenders

Generative AI introduces a new set of questions. Microsoft advises limiting generative AI’s access to sensitive data and ensuring that data governance guidelines are followed when using it. The report outlines AI’s significant impacts on cybersecurity:

  • Both attackers and defenders are using AI tools more frequently.
  • With AI, nation-state actors can create deceptive audio and video.
  • AI spear phishing, résumé swarming, and deepfakes are now common.
  • Conventional methods for limiting foreign influence operations may no longer be effective.
  • AI guidelines and operating procedures can reduce some of the risks posed by the use of AI tools.
  • Although many governments concur that security is a crucial component of the development of AI, many others pursue it in entirely different ways.

According to Burt, "the sheer volume of attacks must be reduced by effective deterrence," and while the industry must do more to stop attackers' efforts through better cybersecurity, this needs to be combined with government action to impose consequences that further deter the most harmful cyberattacks.

How organizations can prevent common cyberattacks

The Microsoft report includes steps businesses can take to prevent particular kinds of attacks. TechRepublic distilled some actionable ideas that are applicable to all industries:

  • Implement policies like those for multi-factor authentication and attack surface reduction to stop attacks at the technique layer.
  • Similarly, use "secure-by-default" settings, which make multi-factor authentication mandatory.
  • Use strong password protection.
  • Test pre-configured security settings, such as security defaults or managed Conditional Access policies, in report-only mode to understand their potential impact before going live.
  • Classify and label sensitive data, and have DLP, data lifecycle, and Conditional Access policies around high-risk data and high-risk users.
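
As an illustration of the report-only recommendation above, here is a Conditional Access policy body in the Microsoft Graph conditionalAccessPolicy format that requires multi-factor authentication for all users but only logs what it would have done. This is an added example, not taken from the Microsoft report or from TechRepublic; the display name and the excluded emergency-access account ID are placeholders.

```json
{
  "displayName": "EXAMPLE - Require MFA for all users (report-only)",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "users": {
      "includeUsers": ["All"],
      "excludeUsers": ["<emergency-access-account-object-id>"]
    },
    "applications": {
      "includeApplications": ["All"]
    },
    "clientAppTypes": ["all"]
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["mfa"]
  }
}
```

While the state is "enabledForReportingButNotEnforced", sign-ins are evaluated and the would-be result is recorded without blocking anyone. Once the recorded results show no unexpected failures, changing the state to "enabled" enforces the policy.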

Following the Chinese infiltration into Microsoft government email accounts in July 2023, Microsoft implemented its Secure Future Initiative this year.