
Microsoft : How cyberattacks are changing according to new Microsoft Digital Defense Report

10/11/2021 | 02:42pm EST

In 2021, cybercrime has become more sophisticated, widespread, and relentless. Criminals have targeted critical infrastructure (healthcare,[1] information technology,[2] financial services,[3] energy sectors[4]) with headline-grabbing attacks that crippled businesses and harmed consumers. But there are positive trends: victims are coming forward, humanizing the toll of cyberattacks and prompting increased engagement from law enforcement. Governments are also passing new laws and allocating more resources as they recognize cybercrime as a threat to national security.

Earlier this month, Microsoft published the 2021 Microsoft Digital Defense Report (MDDR). Drawing upon over 24 trillion daily security signals across the Microsoft cloud, endpoints, and the intelligent edge, the 2021 MDDR expands upon last year's inaugural report and contains input from more than 8,500 security experts spanning 77 countries, including insights on the evolving state of ransomware, malicious email, malware, and more.

Ransomware goes retail

Ransomware offers a low-investment, high-profit business model that's irresistible to criminals. What began with single-PC attacks now includes crippling network-wide attacks using multiple extortion methods to target both your data and reputation, all enabled by human intelligence. Through this combination of real-time intelligence and broader criminal tactics, ransomware operators have driven their profits to unprecedented levels.

This human-operated ransomware, also known as "big game ransomware," involves criminals hunting for large targets that will provide a substantial payday through syndicates and affiliates. Ransomware is becoming a modular system like any other big business, including ransomware as a service (RaaS). With RaaS there isn't a single individual behind a ransomware attack; rather, there are multiple groups. For example, one threat actor may develop and deploy malware that gives one attacker access to a certain category of victims; whereas, a different actor may merely deploy malware. It's effectively a crime syndicate where each member is paid for a particular expertise.

Once a criminal actor compromises a network, they may steal confidential information, financial documents, and insurance policies. After analyzing this intelligence, they will demand an "appropriate" ransom to not only unlock their victim's systems but also to prevent public disclosure of exfiltrated data. This is known as the double extortion model: a victim is extorted for ransom on stolen data and intellectual property (IP), and then again to prevent the attacker from publishing it.

Typically, threat actors will demand payment through cryptocurrency wallets. The underlying blockchain technology enables the owners of crypto wallets to remain pseudonymous. But the criminal actor needs to find a way to cash out, which is where middlemen in the cryptocurrency ecosystem step in to facilitate ransom-related transactions and payments. Both the private sector and government agencies, through civil litigation, prosecution, regulatory enforcement, and international collaboration, can take coordinated action against ransomware intermediaries to disrupt the payment process. Data from Microsoft's Detection and Response Team (DART) shows that the three sectors most targeted by ransomware were consumer, financial, and manufacturing.

Figure 1: DART ransomware engagements by industry (July 2020 to June 2021).

The best way to be prepared against ransomware is to make it harder for attackers to access systems while making it easier for victims to recover, without paying a ransom. Encouraging organizations to prepare for the worst is actually a proactive strategy, one that's designed to minimize monetary incentives for attackers. To learn more about defending against ransomware, read the 2021 MDDR. Microsoft also supports the guidance presented in the Ransomware Playbook by the Cyber Readiness Institute.

Figure 2: Three steps for limiting damage from ransomware.

Malicious email: Bait and switch

Reports of phishing attacks doubled in 2020, with credential phishing used in many of the most damaging attacks. The Microsoft Digital Crimes Unit (DCU) has investigated online organized crime networks involved in business email compromise (BEC), finding a broad diversification of how stolen credentials are obtained, verified, and used. Threat actors are increasing their investment in automation and purchasing tools, so they can increase the value of their criminal activities.

Overall, phishing is the most common type of malicious email observed in our threat signals. All industries receive phishing emails, with some verticals more heavily targeted depending on attacker objectives, availability of leaked email addresses, or current events regarding specific sectors and industries. The number of phishing emails we observed in Microsoft Exchange global email flow increased from June 2020 to June 2021, with a pronounced surge in November potentially taking advantage of holiday-themed traffic.

"In 2020, the industry saw a surge of phishing campaigns that has remained steady throughout 2021. Internally at Microsoft, we saw an increase in overall number of phishing emails, a downward trend in emails containing malware, and a rise in voice phishing (or vishing)." - 2021 Microsoft Digital Defense Report

Figure 3: Malicious email techniques.

Phishing sites frequently copy well-known, legitimate login pages, such as Microsoft Office 365, to trick users into inputting their credentials. In one recent example, attackers combined open redirector links with bait that impersonates well-known productivity tools and services. Users clicking the link were led through a series of redirections, including a CAPTCHA verification page that adds a sense of legitimacy, before landing on a fake sign-in page and, finally, credential compromise. Those stolen identities can then be weaponized in BEC attacks or via phishing websites. Even after a successful attack, threat actors may re-sell accounts if the credentials remain compromised.
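A mail or proxy filter can flag the redirector-style links described above by checking whether a query parameter carries a URL on a different site. This is an added example, not code from Microsoft or the report; the function names, the two-label site comparison and the sample links are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

def host_of(url):
    """Lower-cased hostname of an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:                      # e.g. malformed IPv6 literal
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None

def site_of(host):
    # Simplification: compare the last two labels only.
    # Production code should use the Public Suffix List instead.
    return ".".join(host.split(".")[-2:])

def cross_site_targets(url):
    """List (parameter, target host) pairs whose value is a URL on another site."""
    outer = host_of(url)
    hits = []
    if outer is None:
        return hits
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for _ in range(3):                  # unwrap nested percent-encoding
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        if value.startswith("//"):          # scheme-relative target
            value = "https:" + value
        inner = host_of(value)
        if inner and site_of(inner) != site_of(outer):
            hits.append((name, inner))
    return hits

# Constructed sample links on reserved example domains
SAMPLES = [
    "https://tools.example.com/r?url=https%3A%2F%2Flogin.example.net%2Fsignin&id=7",
    "https://tools.example.com/r?next=https%253A%252F%252Fportal.example.org%252F",
    "https://www.example.com/login?return=https%3A%2F%2Faccount.example.com%2Fhome",
    "https://www.example.com/search?q=phishing",
]
```

A hit only means the link hands a foreign URL to the outer site; whether that site actually redirects to it has to be confirmed separately, for example by sandbox detonation.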

Microsoft Defender SmartScreen detected more than a million unique domains used in web-based phishing attacks in the last year, of which compromised domains represented just over five percent. Those domains typically host phishing attacks on legitimate websites without disrupting any legitimate traffic, so their attack remains hidden as long as possible.

Domains created specifically for attacks tend to be active for shorter periods. Over the last year, Microsoft has seen attacks come in short bursts that begin and end within as little as one to two hours.

Because those minutes matter, Microsoft is again co-sponsoring the annual Terranova Gone Phishing Tournament™, which uses real-world simulations to establish accurate clickthrough statistics. By using a real phishing email template included in Microsoft Defender for Office 365, Attack Simulator provides context-aware simulations and hyper-targeted training to educate employees and measures behavior changes.

Malware: Opportunity knocks

Just as phishing has grown in scale and complexity over the last year, malware too has continued to evolve. Microsoft 365 Defender Threat Intelligence has observed recent innovations that can lead to greater success among attackers. Even with a range of attack goals (ransom, data exfiltration, credential theft, espionage), many malware types rely on time-tested strategies for establishing themselves in a network.

"In every month from August 2020 to January 2021, we registered an average of 140,000 web shell threats on servers, which was almost double the 77,000 monthly average. Throughout 2021 we saw an even bigger increase, with an average of 180,000 encounters per month." - 2021 Microsoft Digital Defense Report

Simple and effective, web shell usage continues to climb among both nation-state groups and criminal organizations, allowing attackers to execute commands and steal data from a web server, or use the server as a launchpad for further attacks. PowerShell, using suspicious flags or encoded values, was the most common behavior Microsoft observed from malware this year.
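One way to hunt for the PowerShell behavior described above in process-creation logs: expand abbreviated switches, then decode the `-EncodedCommand` payload for triage. This is an added example, not code from Microsoft or the report; the function names, the scoring rule and the sample command lines are constructed for illustration.

```python
import base64
import binascii

# (parameter name, shortest abbreviation powershell.exe accepts)
PARAMS = [("encodedcommand", "e"), ("ec", "ec"), ("windowstyle", "w"),
          ("executionpolicy", "ex"), ("ep", "ep"),
          ("noprofile", "nop"), ("noninteractive", "noni")]
ALIASES = {"ec": "encodedcommand", "ep": "executionpolicy"}
VALUE_FLAGS = {("windowstyle", "hidden"): "hidden_window", ("executionpolicy", "bypass"): "policy_bypass"}

def match_param(token):
    """Map a switch such as -enc or /W to its full parameter name, else None."""
    key = token[1:].lower()
    for name, shortest in PARAMS:
        if token[0] in "-/" and name.startswith(key) and len(key) >= len(shortest):
            return ALIASES.get(name, name)
    return None

def decode_payload(value):
    """-EncodedCommand carries Base64 of UTF-16LE text; return it, or None."""
    try:
        raw = base64.b64decode(value + "=" * (-len(value) % 4), validate=True)
        return raw.decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None

def analyze(cmdline):
    """Return the suspicious switches found on one process command line."""
    result = {"flags": set(), "decoded": None, "suspicious": False}
    tokens = cmdline.split()
    image = tokens[0].strip('"').replace("\\", "/").rsplit("/", 1)[-1].lower() if tokens else ""
    if not image.startswith(("powershell", "pwsh")):
        return result
    for i, tok in enumerate(tokens[1:], start=1):
        name, nxt = match_param(tok), (tokens[i + 1] if i + 1 < len(tokens) else "")
        if name == "encodedcommand":
            result["flags"].add("encoded")
            result["decoded"] = decode_payload(nxt)   # surface the script for the analyst
        elif (name, nxt.lower()) in VALUE_FLAGS:
            result["flags"].add(VALUE_FLAGS[(name, nxt.lower())])
        elif name in ("noprofile", "noninteractive"):
            result["flags"].add(name)
    result["suspicious"] = "encoded" in result["flags"] or ("hidden_window" in result["flags"] and len(result["flags"]) > 1)
    return result

# Constructed samples (not taken from the report)
PAYLOAD = base64.b64encode("Write-Output 'sample'".encode("utf-16-le")).decode()
SAMPLES = [r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -File C:\Scripts\backup.ps1",
           "powershell.exe -nop -w hidden -enc " + PAYLOAD,
           r"C:\Windows\System32\notepad.exe -e notes.txt"]
```

Administrative tooling also uses these switches, so treat a hit as a lead to review alongside the parent process and the decoded script rather than as a verdict.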

Also popular is malware that attempts to rename or inject payloads to mimic system processes and collect data from browser caches. Other forms of malware in play were: use of specific reconnaissance strings; processes added to startup folders; Windows Antimalware Scan Interface (AMSI) and registry alterations; and executables dropped from Microsoft Office 365 files accompanied by other alerts. We also observed malware tactics that are more difficult to mitigate, such as:

  • Fileless malware and evasive behavior: these include numerous fileless malware techniques employed by botnets, commodity downloaders, and advanced malware campaigns, all designed to make removal and detection more difficult.
  • Legitimate service abuse in network communications: Google Drive, Microsoft OneDrive, Adobe Spark, Dropbox, and other sites are still popular for malware delivery, while "content dump" sites such as Pastebin.com, Archive.org, and Stikked.ch are increasingly popular for component download in multi-part and fileless malware.

Learn more

Every person and organization has the right to expect the technology they use to be secure and delivered by a company they can trust. As part of Microsoft's differentiated approach to cybersecurity, the DCU represents an international team of technical, legal, and business experts that have been fighting cybercrime to protect victims since 2008. We use our expertise and unique view of online criminal networks to take action. We share insights internally that translate to security product features, we uncover evidence for criminal referrals to law enforcement throughout the world, and we take legal action to disrupt malicious activity.

For a comprehensive look at the state of cybercrime today, including the rise of malicious domains and adversarial machine learning, download the 2021 Microsoft Digital Defense Report. Look for upcoming blog posts providing in-depth information for each themed week of Cybersecurity Awareness Month 2021. Visit our Cybersecurity Awareness Month page for more resources and information on protecting your organization year-round. Do your part. #BeCyberSmart

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

[1] Cybercriminals Ramp Up Attacks on Healthcare, Again, James Liu, Security Boulevard. 03 June 2021.

[2] Microsoft Warns of Continued Attacks by the Nobelium Hacking Group, Nathaniel Mott, PCMag. 26 June 2021.

[3] Attacks on Financial Apps Jump 38% in First Half of 2021, Natasha Chilingerian, Credit Union Times. 23 August 2021.

[4] One password allowed hackers to disrupt Colonial Pipeline, CEO tells senators, Stephanie Kelly, Jessica Resnick-ault, Reuters. 08 June 2021.


Microsoft Corporation published this content on 11 October 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 11 October 2021 18:41:04 UTC.
