The main takeaway from the Microsoft security report: beware of phishing

Updated at: Oct 01, 2019
By Gatefy

The main takeaway from the Microsoft security report: beware of phishing

Phishing scams remain a trend causing losses and lots of headaches for people and companies. A new report from Microsoft points out that the number of phishing attacks increased by 250% in 2018. It's an astounding growth, not to use other words. The company scans monthly more than 470 billion Office 365 user emails.

According to the report, phishing protection tools have evolved a lot in recent years. But not only them. Likewise, to the unhappiness of those who do things right, cybercriminals have also adapted quickly. They’re constantly plotting and creating new ways to be more successful in their frauds and attacks.

“Phishing attacks have become increasingly polymorphic, which means attackers don’t use a single URL, domain, or IP address to send mail, but make use of a varied infrastructure with multiple points of attack”, claims the report.

Following this idea, the report says there has been an increase in the number of attacks using compromised email accounts and that, to avoid security and detection mechanisms, criminals are using hosted servers and public cloud infrastructure as a new tactic to impersonate legitimate services and products.

The main takeaway from the Microsoft report

If you have a business or are part of a company's IT team, what is the main key point that needs to be learned from the Microsoft report? The answer is simple: your company needs to invest in protection against advanced attacks and also against targeted attacks.

How to do it? To have the best defense possible, you need to adopt protection and awareness tools. After all, there is a reason why phishing continues to reign as one of the major types of cyberattacks: “Phishing promises to remain a problem for the foreseeable future because it involves human decisions and judgment in the face of persistent efforts by cybercriminals to make victims fall for their lures”, states the report.

If you don't know how to start, you can read more about email security software and protection against malware and phishing. It's also important to understand concepts such as sandbox, anti-virus and anti-spam. Remember: email is still the main vector of attacks and threats.

Other key points from the Microsoft security report: ransomware and cryptocurrency mining 

Microsoft’s report also notes that the number of ransomware attacks reduced last year because of the adoption of detection and education tools. As an effect, hackers have migrated their efforts to cryptocurrency mining.

Besides that, the document says that the number of software supply chain attacks over the past few years has increased.

To see the Microsoft Security Intelligence Report, click here. You can also check their interactive website to deep dive into the information and data.