Sign up for our daily briefing
Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Denver news in your inbox
Catch up on the most important stories affecting your hometown with Axios Denver
Des Moines news in your inbox
Catch up on the most important stories affecting your hometown with Axios Des Moines
Minneapolis-St. Paul news in your inbox
Catch up on the most important stories affecting your hometown with Axios Twin Cities
Tampa Bay news in your inbox
Catch up on the most important stories affecting your hometown with Axios Tampa Bay
Charlotte news in your inbox
Catch up on the most important stories affecting your hometown with Axios Charlotte
Illustration: Sarah Grillo/Axios
Some 70% of cyberattacks by cyber criminals are now phishing-related, according to a new report from Microsoft, which also found that attacks on critical infrastructure represent just a small slice of state-backed hacking efforts.
Why it matters: In the past, the report notes, "cybercriminals focused on malware attacks" to compromise their targets. The shift reflects cyber criminals’ skill at quickly adapting, in this case by pivoting to tried-and-true human engineering to trick people into handing over credentials.
Of note: In the last year, Microsoft analysts observed hackers affiliated with "16 different nation-state actors either targeting customers involved in the global COVID-19 response efforts or using the crisis in themed lures to expand their credential theft and malware delivery tactics," says the report.
- These attacks targeted government health care organizations, as well as academic and commercial entities working on vaccine research, per the report.
Meanwhile: Though much attention has focused on breaches in critical infrastructure, the vast majority of cyber espionage observed by Microsoft is unrelated to it, says the report.
- 90% of Microsoft’s "nation-state notifications in the past year have been to organizations that do not operate critical infrastructure," says the report.
- "Common targets have included nongovernmental organizations (NGOs), advocacy groups, human rights organizations and think tanks focused on public policy, international affairs or security."