Cyber onslaught: Microsoft reports 600M attacks a day, urges stricter penalties


Microsoft alone handles 600 million cyberattacks daily, ranging from ransomware to identity theft or phishing. The tech giant says that both cybercriminals and state-sponsored actors are undeterred by consequences when inducing harm.

The Microsoft Digital Defense Report 2024 paints a grim picture of a complex, challenging, and increasingly dangerous threat landscape.

“The immediate outlook is pessimistic,” described Tom Burt, Corporate Vice President of Customer Security and Trust at Microsoft.

ADVERTISEMENT

Microsoft has assigned roughly 34,000 full-time security engineers to combat security threats and has an additional 15,000 partners with specialized security expertise. And yet it’s ever more difficult to keep up with malign actors, who challenge even the world’s best cybersecurity defenders.

Cybercriminals, especially state-sponsored actors, are becoming better resourced and prepared with increasingly sophisticated tactics, techniques, and tools.

“Even Microsoft has been the victim of well-orchestrated attacks by determined and well-resourced adversaries, and our customers face more than 600 million cybercriminal and nation-state attacks every day,” Microsoft said.

Tech scams have skyrocketed 400% since 2022, while ransomware attack attempts increased by 2.75 times in a single year. Luckily, Microsoft also saw a threefold decrease in ransomware attacks reaching the encryption stage.

But the nation-state threat actors took the spotlight in the report.

“Nation-states are becoming more aggressive in the cyber domain, with ever-growing levels of technical sophistication that reflect increased investment in resources and training. These state-sponsored hackers are not just stealing data, but launching ransomware, prepositioning

backdoors for future destruction, sabotaging operations, and conducting influence campaigns,“ Burt said.

Microsoft said it processes 78 trillion security signals each day and blocks 7,000 password attacks each second.

ADVERTISEMENT

The lines between nation-state threat actors and cybercriminals are blurring, as state-affiliated threat actors increasingly use criminal tools, tactics, and even the criminals themselves to advance their interests.

In 2024, Microsoft observed Russian, Iranian, North Korean, and other nation-state actors conduct operations for financial gain, enlist cybercriminals to collect intelligence, particularly on the Ukrainian military, and make use of the same infostealers, command and control frameworks, and other tools favored by the cybercriminals.

Since last year, threat actors have started experimenting with AI, flooding their targets and the internet with generated text, imagery, and audio/video recordings.

Calls for ‘consequences’

Burt stressed that improved defenses will not be enough to fight cybercrime. Effective deterrence can be achieved in two ways: by denial of intrusions or by imposing consequences for malicious behavior, Microsoft believes.

“The sheer volume of attacks must be reduced through effective deterrence, and while the industry must do more to deny the efforts of attackers via better cybersecurity, this needs to be paired with government action to impose consequences that further discourage the most harmful cyberattacks,” Burt said.

He also noted that, in recent years, much attention has been given to developing international norms for behavior in cyberspace.

“Those norms so far lack meaningful consequence for their violation, and nation-state attacks have been undeterred, increasing in volume and aggression,” Burt said.

“Cybercriminals similarly continue to attack with impunity, knowing that law enforcement is

hampered by the challenges of investigation and prosecution of cross-border crime, and often

ADVERTISEMENT

operating from within apparent safe havens where government authorities turn a blind eye to the malicious activity.”

Microsoft warns that hybrid warfare, cyberattacks, and foreign influence operations pose grave risks to society's stability, prosperity, and national security.

Redmont giant also said that the tech industry must do more to deter attackers’ efforts through better cybersecurity. Some developments provide cause for optimism.

“Although we must anticipate the use of AI by attackers, advances in AI-powered cybersecurity should give defenders an asymmetric advantage in the near future,” Burt said.

The hope is that AI can significantly reduce the time to identify, investigate, and respond to an incident from days to minutes, and provide the opportunity for security teams to learnand train in real-time.