According to the Microsoft Digital Defense Report, from July 2023 to July 2024, Microsoft customers face 600 million attacks every day from both cybercriminals and nation states. It also emphasizes that cyber operations are closely related to geopolitical conflicts.
According to the Microsoft Digital Defense Report, from July 2023 to July 2024, Microsoft customers face 600 million attacks every day from both cybercriminals and nation states. It also emphasizes that cyber operations are closely related to geopolitical conflicts.
Microsoft reported a 2.75-fold increase in ransomware attacks compared to the previous year, but the percentage of organizations reaching the encryption stage as a result of these attacks has more than tripled in the past two years. Attackers still rely on predictable human behavior, such as choosing easy-to-guess passwords, reusing them across multiple websites, thus becoming victims
phishing attacks. Password attacks account for 99% of all identity attacks.
Financial cyber fraud is on the rise worldwide due to new trends in payment fraud and misuse of legitimate services for phishing and malicious activities. One worrying type of fraud is Techscam, which deceives users by pretending to be legitimate services or using
fake technical support and advertising.
Techscam traffic increased by 400% from 2021 to 2023, well ahead of malware growth of 180% and phishing by 30%, underscoring the need for stronger protections.
DDoS attacks have continued to evolve. In the second half of the year, Microsoft repelled 1.25 mky DDoS attacks, which is four times more than last year.
Microsoft Threat Intelligence now tracks more than 1,500 unique threat groups, including more than 600 nation-state threats, 300 cybercriminal groups, 200 influence groups, and hundreds more.
In 2024, a key finding was that education and research became the second most attacked by nation-state actors. These institutions, possessing research and policy intelligence, are often used as a testing ground for pre
how to pursue your real goals.
Nation-states are becoming increasingly aggressive in the cyber sphere, with ever-increasing levels of technical sophistication reflecting increased investment in resources and training.
Russian, Iranian, and Chinese actors have intensified cyber operations around active conflicts. Russian attacks were primarily aimed at Ukraine and NATO countries, while China focused on Taiwan and Southeast Asia. The ongoing war between Israel and Hamas has increased Iran’s cyber activity against Israel, the United States, and the Gulf states.
Russia and Iran have also used both the war and the US election to spread divisive propaganda.
Russia, Iran and China continue to undermine trust in democratic processes. A significant increase in phishing attacks using homoglyph domains (fake duplicate links) has been detected, with Microsoft tracking 10,000 such domains.
Both cybercriminals and state actors are experimenting with AI-based tools. While China prefers to use AI-generated images, Russia has focused on AI-powered audio tools. So far, these efforts have shown limited impact. On the other hand, AI tools help cybersecurity teams respond more quickly to threats by automating tasks such as alert analysis.
