Blog

What you need to know from the Microsoft Digital Defense Report 2021

“2021 brought powerful reminders that to protect the future we must understand the threats of the present.”
- Microsoft Digital Defense Report 2021

With cybercrime on the rise, securing your organisation for 2022 has become more important than ever. Microsoft’s 2021 Digital Defence Report was recently published and covers cybersecurity trends from the year spanning July 2020 to June 2021. The report is over 130 pages, and forms a definitive overview of the state of the cyber threat landscape in 2021. This blog covers some key insights in the focus areas of the state of cybercrime and ransomware, nation state activity, and breach recovery.

By Faith Akinbo, October 2021

What 24 trillion security signals analysed every 24 hours are saying

Microsoft is in a unique vantage point to provide a ”bird’s eye view” of global threat protection due to their unparalleled IT telemetry capability. The Digital Defense Report provides a comprehensive overview of the global threat landscape from a Microsoft security perspective. To achieve this, Microsoft has accessed their global security community: over 24 trillion security signals were monitored every 24 hours, while leveraging input from more than 8,500 Microsoft security experts from across 77 countries.

Microsoft security signals in 2021 (Microsoft Digital Defense Report 2021)

Cybercrime-as-a-service reduces the cost per cyber attack

A primary finding from the report is that cybercrime, especially ransomware, continues to be one of the largest threats for organisations. Cybercrime-as-a-service has rapidly grown into a mature criminal enterprise, meaning that even non-technical people can purchase a range of services from online marketplaces to execute sophisticated attacks. Affordability is one of the things that has contributed to the rapid growth of cybercrime-as-a-service in 2021 – for example, there are off-the-shelf infection kits that sell for as little as $66. The cost of purchasing credentials from the black-market can be from $1 to $50 each, depending on how valuable the target is. There are many sophisticated kits that not only provide the information about the victim to the criminal who purchased it, but also to the kit creators which increases the severity of the data breach.

Cybercrime-as-a-service costs (Microsoft Digital Defense Report 2021)

Ransomware: more profitable models evolve that are also more dangerous

The report has also found that ransomware has evolved to become more disruptive than ever. Ransomware crime is an increasingly high-profit business model. Criminals have moved their focus from automated attacks that rely on volume and easily paid low ransom sums to human-operated ransomware which employs intelligence and data from online sources to boost profit margins. This evolved approach relies on stealing victims’ financial records and investigating networks that aren’t fully secured to target more vulnerable datasets, and therefore to set higher ransom demands.

Through their use of real-time intelligence and malware, the profits cybercriminals can earn from ransomware are astronomical. In 2021, the largest ransomware payout ever was made by an insurance company at$40 million, setting a new world record.

Phishing attacks double while often evading detection

According to Microsoft, reports of phishing attacks doubled in 2020, with credential phishing being one of the most common. Phishing is the most frequent type of malicious email detected in Microsoft’s threat signals. Phishing emails affect every industry and phishing sites trick their victims by copying established companies’ legitimate login pages. For example, they may create fake Microsoft Office 365 login sites to trick users into entering their credentials. These might even include a CAPTCHA verification page to increase the sense of legitimacy. Worst of all, even after a successful attack, cybercriminals may re-sell the accounts if the credentials remain compromised.

Nation-state attacks are targeting private enterprise

In this past year, there has been a flood of cybercriminal activity coming from nation-states like China, North Korea, Iran, and Russia – with 58% of all cyber-attacks observed by Microsoft coming from Russia alone. Nation-states have been utilising tactics like credential harvesting and malware as a tool to target organisations in the US and UK with desirable information that could be valuable if stolen. According to Microsoft’s Detection and Response Team (DART), the most targeted sectors based on ransomware engagements have been consumer retail (13%), financial services (12%), manufacturing (12%), government (11%) and health care (9%). Nation-state attackers have been targeting pharmaceuticals more in the post-COVID era, for example. In 2021, the UK’s National Cyber Security Centre was ‘95% sure’ that Russian intelligence was behind numerous cyber-attacks that attempted to steal coronavirus research from UK-based pharmaceutical companies.

Breach recovery best practices from Microsoft

The heightened risks posed by the reduced cost of cybercrime, as well as developments seen in ransomware, phishing and nation state attacks mean that it’s more important than ever to ‘prepare for the worst’ i.e., a successful breach.

“I have lost count of the number of times in recent years where I have had to explain how a breach could have been easily avoided – and how or why the ‘horse had already effectively bolted’.”

– David Smart, Managing Director, Softwerx

A good recovery plan helps an organisation to minimise damage and minuses monetary incentives for the attackers. Organisations need to encourage a proactive recovery strategy so that they can limit the scope of damage if they were attacked.

For example, your response plan should include a specific ‘post-breach response’ to a ransomware breach.

Considerations for dealing with a ransomware breach. (Microsoft Digital Defense Report 2021)

To learn more about preparing for a ransomware attack with Microsoft tools, watch our recent Microsoft Security TechTalk on the topic or our blog detailing 7 steps to ‘ransomware resilience’ with a Microsoft First approach.

Softwerx’s unique Microsoft First approach leverages the full power of Microsoft’s latest security features. Our Microsoft Security Assessment can help support the development of your security post-breach response. Let’s apply the lessons we have learnt from the last year since as Winston Churchill said, “Those who do not remember the past are condemned to repeat it.”