Hackers turn to email phishing as security investments mount

Gone are the days when criminals hacked into software to steal data, Microsoft claims

Hackers are still seeking out the easiest methods to launch attacks on victims, such as phishing or encouraging users to click on a link, rather than attempting to infiltrate software, a report by Microsoft has revealed.

The company's Microsoft Security Intelligence Report, which examines common themes in security over the last 12 months, revealed that hackers no longer want to invest the same time or money in hacking into software as they used to - the suggestion being that recent security investments by software vendors are beginning to pay off.

Hundreds of billions of email phishing attacks containing malicious URLs targeted users between February 2017 and January 2018, according to Microsoft's analysis of more than 400 billion emails on 1.2 billion devices, making up 53% of threats.

As well as using phishing methods to obtain private information, criminals are targeting ill-secured cloud apps. The company's report discovered that 86% of SaaS collaboration apps were not using any form of encryption, either at rest or in transit, and that only 3% of cloud apps used HTTPs protection.

Microsoft's security report also investigated into the impact of botnets on the computing industry - specifically the Gamarue botnet. As one of the leaders in botnet research, the company looked into 44,000 malware samples to understand how it operates and found that the botnet distributed more than 80 different malware families, with ransomware, trojans, and backdoors making up the majority of threats.

Its third major finding was the growing threat of ransomware attacks. During 2017, there were three major examples of this cybercrime technique: WannaCry, Petya/NotPetya, and BadRabbit, all of which had a significant impact on global businesses.

The problem will all three attacks was the speed at which they spread - faster than humans could stop or fix. This made them a lot more severe than previous ransomware attacks and demonstrates how cyber criminals are changing tact to make sure their threats have the biggest impact possible.

Microsoft also observed that all three major findings are all interconnected. Ransomware was the most common type of malware distributed by the Gamarue botnet and criminals are increasingly taking advantage of legitimate platform feature - such as the ability to attach a document to an email - with which to launch a phishing attack.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

SonicWall hacked via zero-day flaw in remote access tools
Security

SonicWall hacked via zero-day flaw in remote access tools

25 Jan 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021
Weekly threat roundup: SAP, Windows 10, Chrome
vulnerability

Weekly threat roundup: SAP, Windows 10, Chrome

21 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
Trump pardons convicted ex-Google engineer Levandowski
intellectual property

Trump pardons convicted ex-Google engineer Levandowski

20 Jan 2021