The volume of password attacks has risen to an estimated 921 attacks every second globally — a 74 per cent increase in just one year, a Microsoft report has said.

From July 2021 to June 2022, the tech giant’s digital defence teams blocked 34.7 billion identity threats and 37 billion email threats.

According to the ‘Digital Defence Report 2022’, attackers are adapting and finding new ways to implement their techniques, thereby increasing the complexity of how and where they host campaign operation infrastructure.

Attacks against remote management devices are on the rise, with more than 100 million attacks observed in May 2022 — a five-fold increase in the past year.

“To lower their overhead and boost the appearance of legitimacy, attackers are compromising business networks and devices to host phishing campaigns, malware, or even use their computing power to mine cryptocurrency,” the findings showed.

Human-operated ransomware is most prevalent, as one-third of targets are successfully compromised by criminals using these attacks and 5 per cent of those are ransomed.

Buy Me a Coffee

About 93 per cent of Microsoft’s ransomware incident response engagements revealed insufficient controls on privileged access and lateral movement.

The most effective defence against ransomware includes multi-factor authentication, frequent security patches, and Zero Trust principles across network architecture, the report noted.

Microsoft said it synthesises 43 trillion signals daily, using sophisticated data analytics and AI algorithms to understand and protect against digital threats and criminal cyber activity.

READ
Hackers Exploit Vulnerability in WordPress Plugin Hunk Companion to Install Outdated and Vulnerable Plugins

“Nation-state actors are launching increasingly sophisticated cyberattacks designed to evade detection and further their strategic priorities. Cybercriminals have begun using advancements in automation, cloud infrastructure, and remote access technologies to attack a wider set of targets,” said the company.

To date, Microsoft removed more than 10,000 domains used by cybercriminals and 600 used by nation-state actors.

“Foreign actors are using highly effective techniques — often mirroring cyberattacks to enable propaganda influence to erode trust, impact public opinion, and increase polarisation — domestically and internationally,” the report cautioned.