By Microsoft Security
Microsoft has worked to illuminate the evolving digital threat landscape with in-depth security reports for more than 15 years. Our mission first began with the Microsoft Security Intelligence Report, which ran from 2005 to 2018. It has since evolved into the Microsoft Digital Defense Report, which was first released in 2020. This latest edition explores the most pressing cyber threats while also providing insight and guidance on how organizations can strengthen their cyber defenses.
Drawing on insights from 43 trillion daily security signals, the Microsoft Digital Defense Report aggregates security data from a broad spectrum of organizations and consumers across the cloud, endpoints, and the intelligent edge. The result is a high-level picture of the threat landscape and the current state of cybersecurity, including indicators that help us predict what attackers will do next.
We’ll be breaking down the Microsoft Digital Defense Report into five digestible parts with one article for each section of the report: cybercrime, nation-state threats, devices and infrastructure, cyber-influence operations, and cyber resiliency. For this first installment, we’ll be covering section one: The State of Cybercrime. Keep reading for an overview of our findings, and click here to access the full report.
Current events lead to more targeted cyber attacks
It’s no secret that cybercrime is on the rise. In large part, this is driven by dramatic increases in both random and targeted attacks. Take, for example, the evolution of cyberattack methods and criminal infrastructure that was used to augment the kinetic war during the Russian invasion of Ukraine.
Microsoft observed threat actors using current events such as Russia’s war on Ukraine and the COVID-19 pandemic to create hyper-realistic, targeted phishing attacks. These attacks use recent news stories to entice consumers to click on malicious links or provide sensitive information that would then enable attackers to gain access to internal networks.
Similarly, 2022 also saw a rise in hacktivism, with private citizens conducting cyberattacks to further social or political goals. Thousands of individuals were mobilized to launch attacks as part of the Russia-Ukraine war. While it remains to be seen whether this trend will continue, the technology industry must come together to design a comprehensive response to this new threat.
Cyber threats are diversifying as cybercrime evolves
This year also saw a significant increase in indiscriminate phishing and credential theft to gain information that is then sold and used in targeted attacks such as ransomware, data exfiltration and extortion, and business email compromise. In fact, 50% of Microsoft cybersecurity recovery engagements are related to ransomware incidents.
Ransomware attacks pose an increased risk to all individuals as critical infrastructure, businesses of all sizes, and state and local governments are targeted by criminals leveraging a growing cybercriminal ecosystem. As ransomware attacks have become more audacious in scope, their effects have become more wide-ranging. A sustainable and successful effort against this threat will require the government and private sector to work closely together to create a coordinated response plan.
When looking at organizations that were impacted by ransomware attacks, common vulnerabilities included weak identity controls, ineffective security operations, and incomplete data protection strategies. Organizations looking to shore up their defenses can start by evaluating their own security procedures to see if they contain similar weaknesses.
The CaaS economy is growing and evolving
Cybercrime as a service (CaaS) is a growing and evolving threat to customers worldwide. The Microsoft Digital Crimes Unit (DCU) observed continued growth of the CaaS ecosystem with an increasing number of online services facilitating cybercrimes, including business email compromise (BEC) and human-operated ransomware. In 2022 alone, Microsoft blocked 2.75 million site registrations ahead of criminal actors that planned to use them to engage in global cybercrime. CaaS sellers increasingly offer compromised credentials for purchase, and we’re seeing more CaaS offerings and products with enhanced features to avoid detection.
Attackers are finding new ways to implement techniques and host their operational infrastructure, such as compromising businesses to host phishing campaigns and malware or using those businesses’ computing power to mine cryptocurrency. Internet of Things (IoT) devices are becoming an increasingly popular target for cybercriminals using widespread botnets. When routers are unpatched and left exposed directly to the internet, threat actors can abuse them to gain access to networks, execute malicious attacks, and even support their operations.
While cybercrime is an ever-looming threat, there are a number of steps that security teams can take to better protect their organizations. It starts with understanding how cybercriminals operate and where their own organizations’ vulnerabilities lie.
Download the full Microsoft Digital Defense Report to better understand today’s cyber threat landscape. For even more details, check out our recent webinar, “Build cyber resilience by leveraging Microsoft experts' digital defense learnings.”