Financially motivated cybercrime and fraud, in particular ransomware attacks, have risen over the last year and remain a “persistent threat”, Microsoft has said.
The technology giant’s annual Microsoft Digital Defence report said it had seen the number of ransomware attacks more than double over the last 12 months.
Fraudulent emails, texts and voice messages continue to be the most common way that cybercriminals are able to gain access to users’ files, but Microsoft said gaps in cybersecurity because of missed software updates and hackers exploiting known vulnerabilities also continue to be an issue.
The report also said the tech giant had seen the number of online scams spotted had risen five-fold in the last two years, with Microsoft now observing around 100,000 scams a day in 2024.
The ongoing rise of generative AI, and its potential use to cybercriminals, was flagged in the report – with Microsoft warning that both criminals and nation states were experimenting with the technology to spread misinformation and attempt to influence people.
In particular, Microsoft said it was seeing operations linked to China favouring AI-generated imagery, while Russia-linked operations preferred audio-based content.
But the report said it had not yet observed such content “being effective in swaying audiences”, and AI was also showing signs of being very beneficial to cybersecurity professionals as a tool to help speed up response time to attacks and cyber incidents.
Elsewhere in the report, Microsoft said it was increasingly seeing nation states turning to cybercriminals and the tools they use in order to gather intelligence as well as to make financial gain.
Tom Burt, corporate vice president for customer security and trust at Microsoft, said the “vast majority” of cyber threat activity it had seen over the last year had come from Russia, China, Iran and North Korea.
And the threat report highlighted that much of the nation state activity over the last year had been focused on conflict zones and regions of tensions, in particular Ukraine and the Middle East.
“Aside from the United States and the United Kingdom, most of the nation-state affiliated cyber threat activity we observed was concentrated around Israel, Ukraine, the United Arab Emirates, and Taiwan,” Mr Burt said.
“In addition, Iran and Russia have used both the Russia-Ukraine war and the Israel-Hamas conflict to spread divisive and misleading messages through propaganda campaigns that extend their influence beyond the geographical boundaries of the conflict zones, demonstrating the globalised nature of hybrid warfare.”
The report said around 75 per cent of Russia’s targets had been in Ukraine or a Nato member state, as it said Moscow looked to collect intelligence on the West’s policies on the war.
It said Russia, along with Iran and China had also been observed driving misinformation campaigns around the upcoming US election as part of efforts to ” degrade confidence in elections as a foundation of democracy”.
“Microsoft customers face more than 600 million cybercriminal and nation-state attacks every day, ranging from ransomware to phishing to identity attacks,” Mr Burt said.
“Once again, nation-state affiliated threat actors demonstrated that cyber operations — whether for espionage, destruction, or influence — play a persistent supporting role in broader geopolitical conflicts.
“Also fuelling the escalation in cyberattacks, we are seeing increasing evidence of the collusion of cybercrime gangs with nation-state groups sharing tools and techniques.
“We must find a way to stem the tide of this malicious cyber activity.
“That includes continuing to harden our digital domains to protect our networks, data, and people at all levels. However, this challenge will not be accomplished solely by executing a checklist of cyber hygiene measures but only through a focus on and commitment to the foundations of cyber defence from the individual user to the corporate executive and to government leaders.