In 2018, Microsoft’s Security team analyzed more than 6.5 trillion security signals a day to identify security trends that expose organizations to significant cyber risks. Here’s what they found!
Phishing is Way Up!
After scanning more than 470 billion email messages sent and received in its Office 365 platform, Microsoft found that the number of phishing emails grew an alarming 250 percent. Making matters worse, techniques used by scammers are becoming more proficient and harder to detect because scammers are beginning to diversify the phishing attack techniques.
Diverse Attack Methods
According to the report, techniques used by attackers include domain spoofing & impersonation, user impersonation, text lures, credential phishing links, phishing attachments, and links to fake cloud storage locations. These sophisticated techniques make phishing emails appear legitimate, while presenting malicious files and links for a user to access.
Any Good News? Yes! Ransomware is Down
The report suggests that ransomware infections peaked in 2017 because recent data shows that ransomware is declining rapidly. In fact, according to Microsoft, ransomware rates declined about 60 percent between March 2017 and December 2018. Microsoft notes that hackers are choosing to abandon high-maintenance ransomware attacks for more low-effort crypto-jacking campaigns – an attack where malware is unknowingly installed on a user’s machine which steals processing power to generate cryptocurrencies for the attacker.
Software Supply Chain Attacks Increased
A supply chain attack occurs when the attacker compromises the development or update process of a legitimate software publisher. The malicious code is then delivered to the user hidden in the legitimate software. 2018 saw many supply chain attacks including the Dofoil trojan, a poisoned Chrome browser extension, and a malicious WordPress plug-in. To prevent a supply chain attack, help is needed from almost everyone in the supply chain including the software developers who write the code all the way down to the system administrators who install the code for the end user.