Key Takeaways from the “Microsoft Digital Defense Report 2024”

Images: Microsoft and ThisIsEngineering on Pexels  

From the rise of sophisticated ransomware to the increasing use of AI by both attackers and defenders, the report sheds light on critical trends shaping the future of cybersecurity.

The Microsoft Digital Defense Report 2024 delivers a comprehensive analysis of the evolving threat landscape, highlighting key vulnerabilities and emerging risks that every organisation should take seriously. Why is it important? As one of the largest technology companies in the world, Microsoft has a unique vantage point, analysing 78 trillion security signals daily from its vast ecosystem of cloud services, endpoints, and global customers. This unparalleled access provides invaluable insights into how threats are evolving and what businesses can do to stay ahead.

Our experts have studied the findings, summarised some of the key takeaways and offered some practical advice for our industry and clients on what we can all do to better prepare, manage and minimise these risks.

1.  The Evolving Landscape of Cybersecurity: Multiple Threats Uniting

The report underscores a major shift: the traditional lines between cybercriminals and nation-state actors are blurring. In the past, state-sponsored hackers focused on espionage and sabotage, while cybercriminals aimed for financial gain. Today, they are collaborating more than ever, sharing tools, tactics, and infrastructure.

600 million cyberattacks per day targeting Microsoft customers

2.75x year-on-year surge in ransomware attacks, with them becoming more complex and evasive

Business Impact:

  • Intellectual Property at Risk: Nation-state actors are increasingly targeting trade secrets and proprietary data, with attacks linked to elections and geopolitical conflicts like the Russia-Ukraine war and Iran-Israel tensions.
  • Supply Chain Vulnerabilities: Attackers are exploiting third-party vendors and IT providers as entry points, posing significant risks to companies reliant on external partners for critical services.

 

Protective Measures:

  • Conduct thorough risk assessments of your supply chain and strengthen vendor security protocols.
  • Implement multi-factor authentication (MFA) and adopt secure-by-design principles across your organisation.

 


If there is a weak point in your system, threat actors are going to find it.

 

- Joy Chik, President, Identity and Network Access, Microsoft

2. The Rise of Ransomware: New Trends in E-Commerce and Beyond

One concerning trend noted was the rise in human-operated ransomware, targeting businesses across all industries. Unlike traditional ransomware, which encrypts data quickly, these sophisticated attacks involve disabling defences, stealing sensitive data, and leveraging it for extortion.

75 billion+: E-commerce fraud is expected annually by 2028

99% of impersonation attacks exploit human behaviours, such as weak passwords & credential reuse

Emerging Scenarios:

  • E-Commerce headache: Online retailers are prime targets for ransomware due to their reliance on seamless digital transactions. Attackers disrupt services, leading to significant downtime, lost revenue, and damaged brand reputation.

  • Complex tactics: Attackers are employing methods like social engineering, SIM swapping and adversary-in-the-middle (AiTM) attacks to bypass MFA protections, making it even harder for businesses to defend against these threats. AiTM attacks occur when attackers trick users into clicking a link and completing MFA on the attacker’s behalf.

 

Protective Measures:

  • Strengthen your ransomware response strategy by regularly updating incident response plans and conducting mock simulations.
  • Enforce MFA and raise awareness about phishing.
  • Use AI-driven cybersecurity tools to detect unusual activity early and automate response actions.

3.  DDoS Attacks: Stealthier threats emerge

Distributed Denial of Service (DDoS) attacks have intensified, peaking at 4,500 attacks per day in June 2024. More concerning is the rise in covert application-layer DDoS attacks, which target web applications and bypass traditional network-level defences.

4,500 attacks: Throughout 2024, attacks increased, with a peak of 4,500 per day in June

1.25 million DDoS attacks in the second half of the year

Business Impact:

  • Sectors like finance, gaming, and technology have been particularly affected, with a notable increase in DDoS attacks against India’s gaming industry.
  • These attacks can cause significant downtime and financial losses, damaging both operations and reputations.

Protective Measures:

  • Implement a DDoS protection solution that secures the network and application infrastructure and hardens the DNS infrastructure.
  • Add security measures such as firewalls, load balancers, and routers to secure the network and application infrastructure.
  • Implement security measures such as DNSSEC and DNS filtering to harden the DNS infrastructure.
  • Create an incident response plan and carry out regular DDoS simulations to ensure preparedness.
As we look to the future, the dawning of the age of AI means cybersecurity professionals will encounter both new opportunities and new challenges.

 

- Amy Hogan-Burney, Vice President & Deputy General Counsel Customer Security & Trust, Cybersecurity Policy & Protection Unit, Microsoft

4. Business Email Compromise: A Growing Threat

As email is often the channel fraudsters use to launch their attacks, Business Email Compromise (BEC) remains a prevalent challenge for businesses. In a BEC attack, attackers use techniques like inbox rule manipulation (where emails with keywords related to credentials or financial matters are redirected to less monitored folders like Spam, hiding their fraudulent activity from the user’s immediate view) and homoglyph domains (e.g., using "micr0soft.com" instead of "microsoft.com"), impersonate executives, or hijack legitimate email accounts to deceive employees into sharing sensitive information or transferring funds.

1.5% average loss in profits due to fraud for organisations

50% of Business Email Compromise attack tactics employ inbox rule changes after gaining access

Business Impact:

  • BEC attacks have a high financial impact. In 2023, it was reported that BEC scams had caused over $50 billion in global losses, making it one of the most lucrative cybercrimes.
  • Impersonation attacks can severely damage brand reputation and client trust.

Protective Measures:

  • Enforce multi-factor authentication (MFA) to secure email accounts.
  • Implement a comprehensive Email Compromise Protection (ECP) solution to protect emails and your brand identity. This includes using SPF, DKIM, and DMARC protocols to authenticate emails from your domain, ensuring only verified senders can use your brand name. Further strengthen this with Verified Mark Certificates to visually assure email recipients that the email is from you.
  • Train employees to spot red flags and verify unusual payment requests via separate communication channels.
  • Use domain monitoring tools to detect and block look-alike domains.
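
As an added illustration (not code from the report or from Abion), the sketch below audits mailbox rules for the inbox rule manipulation pattern described above: a rule that matches credential or finance keywords and moves the mail to a less monitored folder. It also treats a delete action as hiding mail, which goes slightly beyond the Spam-folder case in the text. The `InboxRule` record, the term and folder lists, and the sample rules are all constructed assumptions, not a real mail platform schema.

```python
from dataclasses import dataclass

# Assumed term and folder lists; tune them to your own mail environment.
SENSITIVE_TERMS = ("password", "credential", "mfa", "invoice", "payment", "wire", "bank")
LOW_VISIBILITY_FOLDERS = {"spam", "junk email", "deleted items", "rss feeds"}

@dataclass
class InboxRule:            # hypothetical, simplified rule record
    mailbox: str
    name: str
    keywords: tuple         # words the rule matches in subject or body
    action: str             # "move" or "delete"
    target_folder: str = ""

def sensitive_keywords(rule):
    """Return the rule keywords that contain a credential or finance term."""
    return sorted(k for k in rule.keywords
                  if any(term in k.lower() for term in SENSITIVE_TERMS))

def hides_mail(rule):
    """True if the action takes matching mail out of the user's immediate view."""
    if rule.action == "delete":
        return True
    folder = rule.target_folder.strip().lower()
    return rule.action == "move" and folder in LOW_VISIBILITY_FOLDERS

def find_suspicious_rules(rules):
    """Flag rules that both match sensitive keywords and hide the matching mail."""
    findings = []
    for rule in rules:
        hits = sensitive_keywords(rule)
        if hits and hides_mail(rule):
            findings.append({"mailbox": rule.mailbox, "rule": rule.name,
                             "keywords": hits, "action": rule.action,
                             "target": rule.target_folder})
    return findings

# Constructed sample rules (not real data).
SAMPLE_RULES = [
    InboxRule("finance@example.com", ".", ("Invoice", "wire transfer", "payment"), "move", "Spam"),
    InboxRule("finance@example.com", "Newsletters", ("unsubscribe",), "move", "Archive"),
    InboxRule("ceo@example.com", "x", ("password reset", "MFA"), "delete"),
    InboxRule("hr@example.com", "Payroll", ("payment run",), "move", "Payroll"),
]

if __name__ == "__main__":
    for finding in find_suspicious_rules(SAMPLE_RULES):
        print(finding)
```

The fourth sample rule matches a finance keyword but files mail into a visible working folder, so it is not flagged; requiring both conditions keeps ordinary filing rules out of the findings.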

 

5. Phishing and Domain Threats

Corporate and brand impersonation attacks are escalating, with businesses of all sizes at risk. Attackers are setting up fake websites, creating counterfeit social media profiles, and launching phishing campaigns that exploit trusted brand names.

Attackers are using legitimate services and increasingly sophisticated techniques to bypass traditional email security filters, posing a significant risk to brand integrity and user trust. Fraudsters have also doubled down on various forms of impersonating domains including homoglyphs, sub-domain squatting, and plausible alternate domain registration.

25% of phishing attacks now include a QR code

54% of phishing campaigns targeting consumers impersonated online software and service brands

Key Threats:

  • Homoglyph domains (e.g., “paypaI.com” with a capital "I" instead of a lowercase "L") and alternate domain registrations (e.g., using ".net" instead of ".com") are designed to deceive users into visiting fake websites that closely resemble legitimate brands.
  • Sub-domain Squatting: Cybercriminals exploit trusted cloud services to create malicious sub-domains (e.g., “yourbrand.cloudprovider.com”), making phishing emails appear more legitimate.
  • These attacks can cause significant financial and reputational loss for companies and consumers alike.

Protective Measures:

  • Proactively register your primary domain in multiple TLDs (e.g., .com, .net, .org etc.) and secure common misspellings or regional domains to prevent bad actors from misusing your business online.
  • Implement robust domain monitoring and watching services to identify infringing domains that resemble your brand name or trade marks. Early detection enables quick takedowns and limits potential damage.
  • Use web application firewalls and anti-phishing technologies to block malicious websites.
  • Educate your customers about identifying legitimate communications from your brand and provide guidance on avoiding phishing scams.
  • Educate staff to adopt zero trust principles (even if the request looks like it is coming from the CEO), question content integrity and to report anything suspicious.
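
The following added example (not part of the original article) shows how a domain monitoring check can sort a newly observed domain into the three impersonation types named above: homoglyph, alternate TLD and sub-domain squatting. The confusables table is a small assumed subset, and the last label is treated as the TLD instead of consulting the Public Suffix List; the test domains are the article's own examples.

```python
# Small assumed confusables table; a production monitor would use the full
# Unicode confusables data and the Public Suffix List.
MULTI_CHAR = (("rn", "m"), ("vv", "w"))
SINGLE_CHAR = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o"})

def skeleton(label):
    """Reduce a label to a form in which look-alike characters compare equal."""
    label = label.lower()  # DNS is case-insensitive, so "paypaI" is "paypai"
    for seq, repl in MULTI_CHAR:
        label = label.replace(seq, repl)
    return label.translate(SINGLE_CHAR)

def split_domain(domain):
    """Return (subdomain labels, registered name, TLD) using a naive split."""
    labels = domain.strip().rstrip(".").lower().split(".")
    if len(labels) < 2:
        raise ValueError(f"not a fully qualified domain: {domain!r}")
    return labels[:-2], labels[-2], labels[-1]

def classify(candidate, brand):
    """Classify a candidate domain against the brand's primary domain."""
    subs, name, tld = split_domain(candidate)
    _, brand_name, brand_tld = split_domain(brand)
    if name == brand_name:
        # Same registered name: either the brand itself or another TLD.
        return "legitimate" if tld == brand_tld else "alternate-tld"
    if skeleton(name) == skeleton(brand_name):
        return "homoglyph"
    if any(skeleton(label) == skeleton(brand_name) for label in subs):
        # Brand appears only as a sub-domain of someone else's domain.
        return "subdomain-squatting"
    return "unrelated"

def triage(candidates, brand):
    """Return only the candidates that need review, with their category."""
    verdicts = {c: classify(c, brand) for c in candidates}
    return {c: v for c, v in verdicts.items()
            if v not in ("legitimate", "unrelated")}

if __name__ == "__main__":
    seen = ["paypaI.com", "paypal.net", "www.paypal.com", "example.org"]
    print(triage(seen, "paypal.com"))
```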

 

6.  AI: A Double-Edged Sword in Cybersecurity

The rapidly growing role of artificial intelligence (AI) in cybersecurity featured heavily in the report, highlighting both the positives and negatives of this powerful technology. While AI offers enhanced capabilities for threat detection and response, it also presents new challenges as attackers use it to scale their operations.

42% growth in IoT

With the Internet of Things (IoT) market growing at 42% per year, pervasive targeting of personal and home-use products is also expected.

In the coming year, Microsoft anticipate the biggest rises in automated fraud with the use of deepfake impersonation as cyberattack and fraud channels.

Key Threats:

  • AI-Enhanced Phishing: Attackers are using AI to create more realistic phishing emails, automate social engineering attacks, and even generate deepfake audio or video content to impersonate executives in Business Email Compromise (BEC) scams.
  • AI for Defence: On the flip side, AI is helping defenders by automating routine security tasks, analysing vast amounts of data for anomalies, and speeding up incident response.

 

Protective Measures:

Businesses need to ensure they are harnessing AI’s potential not only for defence but also for proactive threat hunting and automating security operations, including:

  • Leverage AI tools for real-time threat detection and anomaly analysis to stay ahead of sophisticated attacks.
  • Integrate AI capabilities into your IT processes to automate responses and reduce human error.
  • Employ AI technology to monitor and detect online activity to identify infringing domains, content and registrations so you can quickly act to remove it.

 

We all can, and must, do better, hardening our digital domains to protect our networks, data, and people at all levels.

- Tom Burt, Microsoft

Staying Ahead in 2024

As we look to the future, the volume and complexity of cyberattacks are unlikely to decline. Businesses must evolve their strategies to be able to quickly respond and adapt as well as invest in the latest technologies and build resilient security frameworks. By understanding the insights from the Microsoft Digital Defense Report 2024 and taking proactive steps to protect your digital assets, you put your business in a strong position to safeguard your brand and clients, protect your IP, and secure your online presence against the threats of tomorrow.
