Sep 30, 2020 - Technology

Microsoft report highlights trends in cyber crime

Zach Dorfman of the Aspen Institute

Keys spelling out "Cyber" — Illustration: Sarah Grillo/Axios

Some 70% of cyberattacks by cyber criminals are now phishing-related, according to a new report from Microsoft, which also found that attacks on critical infrastructure represent just a small slice of state-backed hacking efforts.

Why it matters: In the past, the report notes, "cybercriminals focused on malware attacks" to compromise their targets. The shift reflects cyber criminals’ skill at quickly adapting, in this case by pivoting to tried-and-true human engineering to trick people into handing over credentials.

Of note: In the last year, Microsoft analysts observed hackers affiliated with "16 different nation-state actors either targeting customers involved in the global COVID-19 response efforts or using the crisis in themed lures to expand their credential theft and malware delivery tactics," says the report.

These attacks targeted government health care organizations, as well as academic and commercial entities working on vaccine research, per the report.

Meanwhile: Though much attention has focused on breaches in critical infrastructure, the vast majority of cyber espionage observed by Microsoft is unrelated to it, says the report.

90% of Microsoft’s "nation-state notifications in the past year have been to organizations that do not operate critical infrastructure," says the report.
"Common targets have included nongovernmental organizations (NGOs), advocacy groups, human rights organizations and think tanks focused on public policy, international affairs or security."

Add Axios on Google

Microsoft report highlights trends in cyber crime

What to read next