Hackers turn to email phishing as security investments mount

Gone are the days when criminals hacked into software to steal data, Microsoft claims

Hackers are still seeking out the easiest methods to launch attacks on victims, such as phishing or encouraging users to click on a link, rather than attempting to infiltrate software, a report by Microsoft has revealed.

The company's Microsoft Security Intelligence Report, which examines common themes in security over the last 12 months, revealed that hackers no longer want to invest the same time or money in hacking into software as they used to - the suggestion being that recent security investments by software vendors are beginning to pay off.

Hundreds of billions of email phishing attacks containing malicious URLs targeted users between February 2017 and January 2018, according to Microsoft's analysis of more than 400 billion emails on 1.2 billion devices, making up 53% of threats.

As well as using phishing methods to obtain private information, criminals are targeting ill-secured cloud apps. The company's report discovered that 86% of SaaS collaboration apps were not using any form of encryption, either at rest or in transit, and that only 3% of cloud apps used HTTPs protection.

Microsoft's security report also investigated into the impact of botnets on the computing industry - specifically the Gamarue botnet. As one of the leaders in botnet research, the company looked into 44,000 malware samples to understand how it operates and found that the botnet distributed more than 80 different malware families, with ransomware, trojans, and backdoors making up the majority of threats.

Its third major finding was the growing threat of ransomware attacks. During 2017, there were three major examples of this cybercrime technique: WannaCry, Petya/NotPetya, and BadRabbit, all of which had a significant impact on global businesses.

The problem will all three attacks was the speed at which they spread - faster than humans could stop or fix. This made them a lot more severe than previous ransomware attacks and demonstrates how cyber criminals are changing tact to make sure their threats have the biggest impact possible.

Microsoft also observed that all three major findings are all interconnected. Ransomware was the most common type of malware distributed by the Gamarue botnet and criminals are increasingly taking advantage of legitimate platform feature - such as the ability to attach a document to an email - with which to launch a phishing attack.

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

8 of the most secure web browsers
web browser

8 of the most secure web browsers

25 Sep 2020
Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020
Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Google removes 17 apps infected with evasive ‘Joker’ malware
malware

Google removes 17 apps infected with evasive ‘Joker’ malware

28 Sep 2020