Sep 30, 2020 - Technology

Microsoft report highlights trends in cyber crime

Keys spelling out "Cyber"

Illustration: Sarah Grillo/Axios

Some 70% of cyberattacks by cyber criminals are now phishing-related, according to a new report from Microsoft, which also found that attacks on critical infrastructure represent just a small slice of state-backed hacking efforts.

Why it matters: In the past, the report notes, "cybercriminals focused on malware attacks" to compromise their targets. The shift reflects cyber criminals’ skill at quickly adapting, in this case by pivoting to tried-and-true human engineering to trick people into handing over credentials.

Of note: In the last year, Microsoft analysts observed hackers affiliated with "16 different nation-state actors either targeting customers involved in the global COVID-19 response efforts or using the crisis in themed lures to expand their credential theft and malware delivery tactics," says the report.

  • These attacks targeted government health care organizations, as well as academic and commercial entities working on vaccine research, per the report.

Meanwhile: Though much attention has focused on breaches in critical infrastructure, the vast majority of cyber espionage observed by Microsoft is unrelated to it, says the report.

  • 90% of Microsoft’s "nation-state notifications in the past year have been to organizations that do not operate critical infrastructure," says the report.
  • "Common targets have included nongovernmental organizations (NGOs), advocacy groups, human rights organizations and think tanks focused on public policy, international affairs or security."
Go deeper