There’s only one year left of support for over two dozen 2016- and 2019-branded Office solutions, Microsoft reminded this week.
More worrying, Microsoft described the cybersecurity outlook as “pessimistic” in its fifth annual Digital Defense Report, released this week. The 114-page paper provides a grim view of cybersecurity trends between July 2023 and June 2024. Microsoft observed signs of collusion between state-sponsored attackers and cybercriminals, along with growing use of cyberattacks as tools of warfare and the use of attacks to manipulate election outcomes.
“Because these actors conduct both targeted and opportunistic attacks, the threat they present is universal, meaning organizations, users, and devices are at risk anywhere, anytime,” said Tom Burt, Microsoft’s corporate vice president of Customer Security & Trust, in the report’s introduction.
Alarmingly, Microsoft found ransomware attempts nearly tripled year over year, yet the success rate declined due to solutions that provide automatic attack disruption. However, when a ransomware attempt does succeed, the attacker has usually found an unmanaged network device and used it to infiltrate using remote encryption; over 90 percent of attacks that make it to the ransom stage take this route.
Ransomware attackers use social engineering methods. Phishing scams are especially damaging; U.S. businesses are expected to lose $3.5 billion to phishing in 2024, according to a Trend Micro study cited in the report.
Microsoft counted 775 million malware-bearing phishing e-mails over the year, with most (56 percent) containing malicious links to entrap users. A smaller but growing portion (25 percent) used QR codes, which are especially tricky because “they appear as an image during mail flow and are unreadable until rendered.” The remaining 19 percent of phishing e-mails relied on malicious attachments.
Worse are what Microsoft refers to as tech scams (“techscam” in the report), which are financially motivated schemes to weaken devices against future attacks. According to Microsoft, these schemes “have 10 times the financial impact of phishing.”
Tech scams lure users to click on malicious ads masquerading as legitimate entities — for instance, Microsoft support services, deals on crypto, shopping sales or browser extensions. These malicious ad platforms can leverage the cloud to quickly and cheaply create host pages, then shut them down within hours, often before victims realize the damage.
“The current landscape of techscam is alarming,” Microsoft said. Tech scams accounted for over 90 percent of malicious traffic in Microsoft’s Edge browser. Overall, the daily volume of Web traffic from tech scams has ballooned by 400 percent since 2022, far outpacing the growth of traffic related to malware and phishing.
Microsoft’s customer base faces over 600 million attacks every day. “Deterrence can be achieved in two ways — by denial of intrusions or imposing consequences,” it said. “While companies like Microsoft can help ‘deny’ successful cyberattacks via innovation and further improvements in cybersecurity, enforcing international rules with deterrent consequences must fall on governments.”