In its annual Digital Defense Report, covering trends from July 2023 to July 2024, Microsoft highlights the alarming rise in cyberattacks during growing geopolitical tensions. The report reveals that Microsoft’s customers are facing an astounding 600 million attacks daily from both cybercriminals and nation-state actors. It also emphasizes how cyber operations are deeply intertwined with geopolitical conflicts.
“To effectively counter the rising tide of cyber threats, we must not only strengthen our digital defenses at every level, but also foster a deep, enduring commitment to cybersecurity principles. This commitment must span from individual users to corporate executives and government leaders, ensuring a united front against malicious cyber activity,” commented Anna Bar Lev, Senior Security Go To Market Manager for Southeast Europe at Microsoft.
The Biggest Changes of the Year
Microsoft reported a 2.75 times increase in ransomware attacks compared to the previous year, but the percentage of organizations that are ultimately ransomed (reaching the encryption stage) has decreased more than threefold over the past two years. Attackers still rely on predictable human behaviors such as selecting easy-to-guess passwords, reusing them on multiple websites, and falling prey to phishing attacks. Password attacks make up 99% of all identity attacks.
Cyber-enabled financial fraud is rising globally, with new trends in payment fraud and the misuse of legitimate services for phishing and malicious activities. One alarming type of fraud is techscam, which tricks users by impersonating legitimate services or using fake tech support and ads. Techscam traffic surged 400% from 2021 to 2023, far outpacing the 180% rise in malware and 30% rise in phishing, underscoring the need for stronger defenses.
DDoS attacks continued to evolve. In the second half of the year, Microsoft mitigated 1.25 million DDoS attacks, representing a 4x increase compared with last year.
Microsoft Threat Intelligence now tracks more than 1,500 unique threat groups—including more than 600 nation-state threats, 300 cybercrime groups, 200 influence operations groups, and hundreds of others.
In 2024, a key insight was that Education and Research became the second-most targeted sector by nation-state threat actors. These institutions, offering intelligence on research and policy, are often used as testing grounds by threat actors before they pursue their actual targets.
Geopolitical Conflicts Drive Cyber Campaigns
Nation-states are becoming more aggressive in the cyber domain, with ever-growing levels of technical sophistication that reflect increased investment in resources and training.
Russian, Iranian, and Chinese actors have intensified cyber operations around active conflicts. Russian attacks have primarily targeted Ukraine and NATO countries, while China has focused on Taiwan and Southeast Asia. The ongoing Israel-Hamas war intensified Iranian cyber activity, targeting Israel, the U.S., and Gulf nations. Russia and Iran also exploited both the war and the U.S. election to spread divisive propaganda.
Russia, Iran, and China continue to undermine trust in democratic processes. A significant rise in phishing attacks using homoglyph domains (fake lookalike links) has been detected, with Microsoft tracking 10,000 such domains.
Generative AI Misuse
Both cybercriminals and state actors are experimenting with AI-driven tools. While China favors the use of AI-generated imagery, Russia has focused on AI-powered audio tools. So far, these efforts have shown limited influence. On the other hand, AI tools are helping cybersecurity teams respond faster to threats by automating tasks like alert analysis.
Strengthening Cybersecurity through Defense and Collaboration
Microsoft emphasizes that mitigating cyber threats requires close collaboration between public and private sectors. Governments must require meaningful penalties for malicious activities to prevent attacks. Current international norms in cyberspace lack effective enforcement, resulting in continued state-sponsored aggression.
Microsoft’s Secure Future Initiative aims to protect customers by hardening digital infrastructure and improving cybersecurity practices. However, lasting success will require a combination of defense, deterrence, and global cooperation, like developing international norms of conduct in cyberspace, to neutralize the rising tide of cyberattacks.
Microsoft delivers the fifth edition of the annual Microsoft Digital Defense Report as a part of its commitment to helping the world understand and mitigate cyber threats. Microsoft processes more than 78 trillion security signals per day, from billions of Windows endpoints, the cloud, and a broad spectrum of products and services. From these signals the company gains visibility into attack activity, a unique understanding of emerging attack techniques, and deeper insights into the overall threat landscape. This spectrum of security signals is further enhanced by the diversity of customers and partners, including governments, enterprises large and small, consumers, and gamers around the world.