Microsoft published a new 88-page report (Microsoft Digital Defense Report), which describes its main findings on general trends in the cyber threat landscape over the past year and a half.
During 2020, many attacks related to COVID-19 took place. However, according to Microsoft, these attacks were minimal compared to the total number of malware attacks that occurred during these months. The pandemic played only a small role in the hacking of businesses in 2020.
Phishing attacks against businesses were very common during this time. The attackers created fake addresses that seemed to come from well-known companies, such as Microsoft, UPS, Amazon, Apple and Zoom. Microsoft said it blocked more than 13 billion malicious and suspicious messages in 2019, of which more than 1 billion contained URLs created for phishing.
Phishing is usually the first step in Business Email Compromise (BEC) scams. Scammers gain access to the inbox of a company executive, monitor their communications, then send messages to employees, pretending to be executives, and request that large sums of money be transferred to accounts.
However, Microsoft says attackers do not just use phishing techniques to access accounts. They also take advantage of users' habit of reusing the same passwords on different accounts and adopt "password spray" techniques targeting legacy e-mail protocols, such as IMAP and SMTP. These attacks have been very popular in recent months, as they allow attackers to bypass multi-factor authentication (IMAP and SMTP connections do not support this feature).
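Defenders can look for the password spray pattern described above in mail sign-in logs. The following is an added example, not taken from the Microsoft report: it flags any source address that fails logins against many different accounts, only a few times each, over IMAP or SMTP, and lists accounts that the same source later logged into. The event format, the thresholds and the sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LEGACY = {"IMAP", "SMTP"}  # the legacy mail protocols named in the article

# Constructed sample events: (time, source IP, account, protocol, outcome)
SAMPLE = [
    ("2020-06-01T09:00:05", "203.0.113.7", "alice", "IMAP", "fail"),
    ("2020-06-01T09:02:10", "203.0.113.7", "bob", "IMAP", "fail"),
    ("2020-06-01T09:04:30", "203.0.113.7", "carol", "SMTP", "fail"),
    ("2020-06-01T09:06:45", "203.0.113.7", "dave", "IMAP", "fail"),
    ("2020-06-01T09:09:00", "203.0.113.7", "erin", "IMAP", "success"),
    ("2020-06-01T09:10:00", "198.51.100.9", "alice", "IMAP", "fail"),
    ("2020-06-01T09:10:02", "198.51.100.9", "alice", "IMAP", "fail"),
    ("2020-06-01T09:10:04", "198.51.100.9", "alice", "IMAP", "fail"),
    ("2020-06-01T09:15:00", "192.0.2.44", "bob", "HTTPS", "fail"),
]

def detect_spray(events, window=timedelta(minutes=30), min_users=4, max_per_user=2):
    """Flag sources that fail against many accounts, a few tries each, over legacy protocols."""
    by_ip = defaultdict(list)
    for ts, ip, user, proto, outcome in events:
        if proto.upper() in LEGACY:
            by_ip[ip].append((datetime.fromisoformat(ts), user, outcome))
    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Slide the start forward until the span fits inside `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            fails = defaultdict(int)
            for _, user, outcome in attempts[start:end + 1]:
                if outcome == "fail":
                    fails[user] += 1
            # Many accounts, few tries per account: spray rather than brute force.
            if len(fails) >= min_users and max(fails.values()) <= max_per_user:
                hits = sorted({u for _, u, o in attempts if o == "success"})
                flagged[ip] = {"targeted": sorted(fails), "succeeded": hits}
    return flagged

if __name__ == "__main__":
    for ip, info in detect_spray(SAMPLE).items():
        print(ip, info)
```

The repeated failures against a single account from 198.51.100.9 are not flagged, because they are attempts on one account rather than a spray; the accounts in `succeeded` are the ones to reset first.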
In addition, Microsoft has observed that many hacking groups use public cloud-based services to store the payloads for their attacks. They do not use their own servers. Finally, the groups change domains and servers much faster to avoid detection.
The most important threat in the last year and a half was ransomware. The most dangerous hackers were the so-called "big game hunters", i.e. those who target large companies, from which they can earn a lot of money.
In most cases, attackers gain access to a network and wait for the right time to attack. According to Microsoft, this year ransomware gangs were very active and significantly reduced the time it took to launch an attack.
In some cases, it took criminals just 45 minutes to encrypt the entire network after initial access.
State hacking teams
Government hacking teams, also known as APTs, have also been very active in the last year. From July 2019 to June 2020, Microsoft sent more than 13,000 alerts to its customers to warn them of this threat.
Most of the attacks came from Russian hackers, and the victims were mainly in the USA.
The alerts warned customers mainly about phishing attacks. Microsoft said it tried to crack down on some of these attacks by using court orders to shut down malicious domains.
According to the report, the primary targets of the APT attacks were non-governmental organizations. This finding contradicts other reports. Many experts argue that APT teams prefer to target critical infrastructure.
The most common tactics used by these hackers are:
- Password spraying (Phosphorus, Holmium and Strontium)
- Use of penetration testing tools (Holmium)
- Spear-phishing attacks (Thallium)
- Use of web shells to backdoor servers (Zinc, Krypton, Gallium)
- Use of exploits targeting VPN servers (Manganese)
Overall, Microsoft concludes that criminal gangs are developing more sophisticated techniques for their attacks as companies continually improve their defenses.