The type, quality and sheer number of cyber attacks has grown enormously in the past year – with Windows users now exposed to more than 600 million potential attacks every single day.
This eye-watering figure comes direct from Microsoft itself, just one of a number of startling revelations from its latest Digital Defence Report.
Elsewhere in the 114-page document Microsoft notes how it managed to stop 1.25 million DDoS attacks in the last year alone – a fourfold increase in the figure reported in 2023 – and will typically block 7,000 password attacks per second.
Despite these successes some cybercriminals do still make it through, not only hitting small operators with potentially weaker defences, but also some enormously high-profile entities as well. Notable among these was the US healthcare system, which has suffered 389 successful attacks in this fiscal year, many of which resulted in system downtime and the postponement of some procedures.
One of the big drivers for cybercrime successes in 2024 came from AI, which has allowed hackers to quickly and easily craft legitimate-looking emails, websites or even CVs. These now pass the first level of scrutiny – when previously they may have fallen down.
Cybercriminals are also turning businesses’ own AI tools against them. So-called cross-prompt injection attacks (or XPIA) send fake inputs to legitimate AI solutions, causing them to disclose the data they were originally programmed to protect.
As in so many other of Microsoft’s reports, passwords were identified as a significant weakness in countless systems across the globe. Of the 600 million attacks being launched daily, more than 99% are thought to be password-based, showing again the need for secure login credentials (or, better still, systems like biometrics which do away with traditional alphanumeric passwords altogether).
Outlining the report, Microsoft noted how “the cyber threat landscape continued to become more dangerous and complex” over the past year.
It added: “The malign actors of the world are becoming better resourced and better prepared. We believe transparency and information sharing are essential to the protection of the global cyber ecosystem. Communicating the insights that we derive from our unique vantage point is one of the many ways we work to make the cyber world a safer place.”