Image credit: CyberTex
Microsoft recently released its Digital Defense Report 2024, which highlights evolving cyber threats such as Nation-state threats, Ransomware, Fraud, Identity and social engineering, and DDOS attacks.
“The cyber threat landscape has continued to become more dangerous and complex. The malign actors of the world are becoming better resourced and better prepared, with increasingly sophisticated tactics, techniques, and tools that challenge even the world’s best cybersecurity defenders. As the threats evolve, so must the strategies to combat them, requiring a concerted effort from individuals, organizations, and governments alike,” the report reads.
This article will highlight key insights and statistics from the 2024 Digital Defense Report.
Nation-state threat actors
Nation-state affiliated threats have been a major actor in cyber operations worldwide. In 2024, IT sector became the most targeted sector by nation-state threat actors with the Education and Research being the second most targeted. The list continues with the following sectors — Government, Think tanks and NGOs, Transportation, Consumer Retail, Finance, Manufacturing, Communications and others.
Also read: Data Breaches in Ghana & Africa (Q1 of 2024)
Online Fraud
In an era where digital transformation accelerates almost every type of business operation, fraud tactics continue to challenge resilience around the world. The World Economic Forum reports scammers stole over $1 trillion US globally from victims in 2023. This means companies lost an average of 1.5% in profits due to fraud, while consumers faced a staggering $8.8 billion US in losses—up 30% from 2022.
Phishing remains a significant cybersecurity threat. According to TrendMicro, phishing attacks increased by 58% in 2023. Email remains the major target for phishing attacks with 775 million email messages containing malware from July 2023 to June 2024. The top email phishing types recorded were Phishing URL/link, QR code phishing and phishing attachment.
Phishing campaigns targeted consumers of the following sectors the most: Software and Services (54%), Financial (15%), Retail (12%), Media and Entertainment (11%), Freight and Logistics (5%), and others (3%).
Identity Attacks and Social Engineering
Cybercriminals exploit legitimate and authorized identities to steal confidential data, and access credentials in various ways like phishing, malware, data breaches, brute-force/password spray attacks, and prior compromises.
As in past years, password-based attacks on users constitute most identity-related attacks, supported by massive infrastructure that threat actors have been dedicated to combing the digital world for passwords.
Microsoft Entra data shows that of more than 600 million identity attacks per day, with more than 99% being password-based.
Regardless of the technique, social engineering remains a constant threat that ultimately cannot be fully mitigated via technology.
Also read: 12 common cyber-attacks and trends in Ghana (2024)
DDOS Attacks
Since mid-March, Microsoft has seen a sharp increase in network DDoS attacks, with about 4,500 attacks per day in June. There has also been a notable rise in attacks targeting medium-sized applications. Application layer attacks, ranging from 100,000 to 1 million packets-per-second, are more sophisticated and harder to mitigate than network-level attacks. These attacks directly target specific web applications, highlighting the relentless efforts of attackers to bypass DDoS protection measures. Without proper protection, these applications could face availability issues.
The increased focus of DDoS attacks on the application layer rather than the more traditional network layers has created a greater risk of impact on business availability, such as access to online banking services or the ability to check-in for airline flights.
Source: Microsoft Digital Defense Report 2024.
About Author
