The Cyberthreat Minute: The Scale and Scope of Worldwide Cybercrime in 60 Seconds


By Steve Ginty, Principal Program Manager, Microsoft Defender Threat Intelligence (MDTI)

Cybercrime is big and growing bigger. So much so that it can be difficult to fully understand the impact online attacks have had over the past decades. To better illustrate the scale and scope of worldwide cybercrime, we've used data from across Microsoft-owned properties and a mix of external sources to create the Cyberthreat Minute, a comprehensive report on the malicious activity happening within any given 60-second window across the world.

Keep reading to uncover the insights.

Research shows that cyber attacks vary by type and focus

If we’ve learned anything from our examination of last year’s online attacks, it’s that security teams need to be prepared to defend against a wide variety of threats at all times. According to RiskIQ, which was acquired by Microsoft in 2021, password attacks were far and away the most commonly observed type of threat, clocking in at 34,740 every minute. However, we also saw 1,902 Internet of Things (IoT)-based attacks and 1,095 distributed denial-of-service (DDoS) attacks over the same time period.

The picture gets even more complex the further you dive into internal Microsoft security data. Our scale and reach allow us to observe, aggregate, and correlate threat signals across the globe and from a variety of industries. Our diverse spectrum of threat data from endpoints, identities, applications, and the cloud is reasoned over by our security researchers, who help to generate a high-fidelity picture of the current state of the threat landscape. Microsoft most commonly blocked email threats, identity threats, and brute-force authorization attacks, the last of which were blocked by Azure Active Directory. But that’s not all. Microsoft customers also experienced malware threats that were blocked by Microsoft Defender for Endpoint, endpoint threats, and the detection of new open ports.

Even more details emerged when we examined a broad range of market data. In 2021, there were seven phishing attacks every minute, one SQL injection attack every two minutes, one new threat infrastructure detection every 35 minutes, one supply chain attack every 44 minutes, and one ransomware attack every 195 minutes. All of this comes together to create a tangled cybercrime landscape for security teams to contend with.

What is the true cost of cybercrime?

Cybercrime is a disruptive and economically corrosive force that causes trillions of dollars in damages every year. The cost of cybercrime comes from damage done to data and property, stolen assets — including intellectual property — and the disruption of business systems and productivity.

Here’s a breakdown of how much cybercriminals cost businesses and consumers in 2021 per minute:

  • Worldwide economic impact of cybercrime: $1,141,553
  • Global cybersecurity spend: $285,388
  • E-commerce payment fraud losses: $38,052
  • Global ransomware damages: $38,051
  • Total cost of business email compromise: $4,566
  • Amount lost to cryptocurrency scams: $3,615
  • Average cost of breach: $8
  • Average cost of malware attacks: $5

So, how should enterprises guard against the disruptions and financial losses that come with a cybersecurity breach? It starts with understanding the full scope of the digital landscape that they need to protect.

As the digital landscape grows, what should organizations expect next?

The internet continues to expand, and threat actors are only getting savvier when it comes to the tools and methods they use for evading detection, bypassing security systems, and perpetrating attacks. If we use 2021 as an example, there were 79,861 new hosts and 7,620 new IoT devices every minute. Likewise, we discovered 150 new domains, 53 new active Let’s Encrypt SSL certificates, and 23 new mobile apps created in the same time period. Each of these additions can act as a doorway for threat actors.

Cloud migrations, new digital initiatives, and shadow IT all widen the attack surface. At the enterprise level, that can mean a vast estate spanning multiple clouds and massively complex ecosystems. Meanwhile, cheap infrastructure and flourishing cybercrime economies grow the threat landscape that organizations must track. Organizations need to ensure they’re one step ahead of growing and more persistent online threats by creating a more holistic cybersecurity strategy that protects their operations on all fronts.

To gain control of this dynamic threat landscape, it’s important that security teams keep a pulse on new and emerging threats, the latest cybercrime tactics, and the leading tools at their disposal. Microsoft tracks more than 43 trillion signals every day to develop dynamic, hyper-relevant threat intelligence that evolves with the attack surface and helps us to detect and respond to threats rapidly. Our customers can access this intelligence directly to create a deep and unique view of the threat landscape, a 360-degree understanding of their exposure to it, and tools to mitigate and respond.

Learn more about how your organization can safeguard operations in 2022 by downloading the full report and exploring Microsoft Security Insider.


Copyright © 2022 IDG Communications, Inc.