Hackers turn to email phishing as security investments mount
Gone are the days when criminals hacked into software to steal data, Microsoft claims
Hackers are still seeking out the easiest methods to launch attacks on victims, such as phishing or encouraging users to click on a link, rather than attempting to infiltrate software, a report by Microsoft has revealed.
The company's Microsoft Security Intelligence Report, which examines common themes in security over the last 12 months, revealed that hackers no longer want to invest the same time or money in hacking into software as they used to - the suggestion being that recent security investments by software vendors are beginning to pay off.
Hundreds of billions of email phishing attacks containing malicious URLs targeted users between February 2017 and January 2018, according to Microsoft's analysis of more than 400 billion emails on 1.2 billion devices, making up 53% of threats.
As well as using phishing methods to obtain private information, criminals are targeting ill-secured cloud apps. The company's report discovered that 86% of SaaS collaboration apps were not using any form of encryption, either at rest or in transit, and that only 3% of cloud apps used HTTPs protection.
Microsoft's security report also investigated into the impact of botnets on the computing industry - specifically the Gamarue botnet. As one of the leaders in botnet research, the company looked into 44,000 malware samples to understand how it operates and found that the botnet distributed more than 80 different malware families, with ransomware, trojans, and backdoors making up the majority of threats.
Its third major finding was the growing threat of ransomware attacks. During 2017, there were three major examples of this cybercrime technique: WannaCry, Petya/NotPetya, and BadRabbit, all of which had a significant impact on global businesses.
The problem will all three attacks was the speed at which they spread - faster than humans could stop or fix. This made them a lot more severe than previous ransomware attacks and demonstrates how cyber criminals are changing tact to make sure their threats have the biggest impact possible.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Microsoft also observed that all three major findings are all interconnected. Ransomware was the most common type of malware distributed by the Gamarue botnet and criminals are increasingly taking advantage of legitimate platform feature - such as the ability to attach a document to an email - with which to launch a phishing attack.
Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.
Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.
As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.