Microsoft: Generative AI cyberattacks are rising
Microsoft’s Digital Defense Report 2024 reveals escalating financially motivated cyberthreats and the increasing use of generative AI to launch more sophisticated cyberattacks.
Millions of cyberattacks occur daily, and Microsoft customers have faced more than 600 million cybercriminal and nation-state attacks. Financially motivated cybercrime and fraud remain a persistent threat for organizations around the world; what makes it more interesting is the methods cybercriminals use to target their victims and wreak havoc upon them.
According to the findings of Microsoft’s fifth annual Digital Defense Report, cyber-enabled financial fraud is rising globally, with new trends in payment fraud and the misuse of legitimate services for phishing and malicious activities. The report also highlighted the rise of tech scams.
Tech scam activities involve cybercriminals impersonating legitimate services or using fake tech support and ads to lure and trick victims. While tech scams have been around for some time, tech scam traffic surged by a whopping 400% from 2021 to 2023. The surge even outpaced the 180% rise in malware and the 30% rise in phishing.
“In the past year, Microsoft observed a significant uptick in tech scam traffic with daily frequency surging from 7,000 in 2023 to 100,000 in 2024. Over 70% of malicious infrastructure was active for less than two hours, meaning they may be gone before they’re even detected. This rapid turnover rate underscores the need for more agile and effective cybersecurity measures,” wrote Tom Burst, Corporate Vice President for Customer Security and Trust at Microsoft in a blog post.
Burst also mentioned that the report showed a 2.75-fold year-over-year increase in ransomware attacks. However, he also highlighted that there was a threefold decrease in ransom attacks reaching the encryption stage. Social engineering continues to be the most prevalent initial access technique.
With organizations moving more workloads to the cloud, identity-related attacks have surged, with adversaries using compromised credentials to access critical resources. Email phishing, SMS phishing, and voice phishing are not the only concerns, as compromised identities and vulnerabilities in public-facing applications or unpatched operating systems are also contributing to the attacks.
According to the report, Microsoft Entra data shows that password-based attacks make up over 99% of the 600 million daily identity attacks. Over the past year, Microsoft blocked 7,000 password attacks per second, highlighting the persistent and pervasive nature of these threats.
Nation-state threat actors after financial gain
Microsoft’s report also revealed that nation-state-affiliated threat actors demonstrated that cyber operations, be it for espionage, destruction, or influence, continue to play a persistent supporting role in broader geopolitical conflicts. Burst pointed out that Microsoft is seeing increasing evidence of the collusion of cybercrime gangs with nation-state groups, sharing tools and techniques.
“We must find a way to stem the tide of this malicious cyber activity. That includes continuing to harden our digital domains to protect our networks, data, and people at all levels. However, this challenge will not be accomplished solely by executing a checklist of cyber hygiene measures but only through a focus on and commitment to the foundations of cyber defense from the individual user to the corporate executive and to government leaders,” said Burst.
Interestingly, Microsoft observed that some nation-state actors conduct operations for financial gain. The report revealed that in 2024, education and research became the second-most targeted sector by nation-state threat actors after IT. These institutions, offering intelligence on research and policy, are often used as testing grounds before the actors pursue their actual targets.
Another interesting finding from the study is the increasing use of generative AI in cyberattacks. The report revealed that threat actors, be they cybercriminals or nation states, are experimenting with AI to launch more sophisticated cyberattacks. For example, China-affiliated actors favour AI-generated imagery, while Russia-affiliated actors use audio-focused AI across mediums.
While generative AI cyberattacks are more concerning, Burst also feels that AI has shown its benefits to cybersecurity professionals by acting as a tool to help respond in a fraction of the time it would take a person to manually process a multitude of alerts, malicious code files, and corresponding impact analysis.
“With more than 600 million attacks per day targeting Microsoft customers alone, there must be countervailing pressure to reduce the overall number of attacks online. Microsoft continues to do our part to reduce intrusions and has committed to taking steps to protect ourselves and our customers through our Secure Future Initiative,” added Burst.
Microsoft believes that by leveraging this data, businesses will be able to enhance their threat intelligence and continuously strengthen the security of the ecosystem. With more than 15,000 partners with specialized security expertise, Microsoft also believes that the ecosystem of partners will enrich its data, enabling the detection of critical weaknesses.