Hackers turn to email phishing as security investments mount

Gone are the days when criminals hacked into software to steal data, Microsoft claims

Hackers are still seeking out the easiest methods to launch attacks on victims, such as phishing or encouraging users to click on a link, rather than attempting to infiltrate software, a report by Microsoft has revealed.

The company's Microsoft Security Intelligence Report, which examines common themes in security over the last 12 months, revealed that hackers no longer want to invest the same time or money in hacking into software as they used to - the suggestion being that recent security investments by software vendors are beginning to pay off.

Advertisement - Article continues below

Hundreds of billions of email phishing attacks containing malicious URLs targeted users between February 2017 and January 2018, according to Microsoft's analysis of more than 400 billion emails on 1.2 billion devices, making up 53% of threats.

As well as using phishing methods to obtain private information, criminals are targeting ill-secured cloud apps. The company's report discovered that 86% of SaaS collaboration apps were not using any form of encryption, either at rest or in transit, and that only 3% of cloud apps used HTTPs protection.

Microsoft's security report also investigated into the impact of botnets on the computing industry - specifically the Gamarue botnet. As one of the leaders in botnet research, the company looked into 44,000 malware samples to understand how it operates and found that the botnet distributed more than 80 different malware families, with ransomware, trojans, and backdoors making up the majority of threats.

Advertisement
Advertisement - Article continues below

Its third major finding was the growing threat of ransomware attacks. During 2017, there were three major examples of this cybercrime technique: WannaCry, Petya/NotPetya, and BadRabbit, all of which had a significant impact on global businesses.

Advertisement - Article continues below

The problem will all three attacks was the speed at which they spread - faster than humans could stop or fix. This made them a lot more severe than previous ransomware attacks and demonstrates how cyber criminals are changing tact to make sure their threats have the biggest impact possible.

Microsoft also observed that all three major findings are all interconnected. Ransomware was the most common type of malware distributed by the Gamarue botnet and criminals are increasingly taking advantage of legitimate platform feature - such as the ability to attach a document to an email - with which to launch a phishing attack.

Advertisement

Recommended

Visit/security/cyber-security/355185/165-million-britons-experienced-a-cyber-crime-in-the-past-year
cyber security

Report: 16.5 million Britons fell victim to cyber crime in the past year

1 Apr 2020
Visit/cloud/amazon-web-services-aws/355183/aws-launches-amazon-detective
Amazon Web Services (AWS)

AWS launches Amazon Detective for investigating security incidents

1 Apr 2020
Visit/security/privacy/355182/government-to-launch-coronavirus-contact-tracking-app
privacy

UK government to launch coronavirus 'contact tracking' app

1 Apr 2020
Visit/software/video-conferencing/355180/zoom-does-not-use-end-to-end-encrypted
video conferencing

Zoom admits meetings don't use end-to-end encryption

1 Apr 2020

Most Popular

Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/security/cyber-crime/355171/fbi-warns-of-zoom-bombing-hackers-amidst-coronavirus-usage-spike
cyber crime

FBI warns of ‘Zoom-bombing’ hackers amid coronavirus usage spike

31 Mar 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020