The newly released Microsoft Digital Defense Report 2024 provides in-depth analysis and insights into the latest trends in cybersecurity. This report is crucial for any organization looking to stay informed about the latest threats and adjust its defenses to protect against evolving cyber risks.
One of the most alarming findings in this report concerns a growing ransomware trend: a 275% increase in human-operated ransomware encounters observed among Microsoft customers from July 2023 to June 2024.
Human-operated ransomware attacks are those where cybercriminals manually infiltrate a network before deploying ransomware to encrypt files, steal data, or disrupt operations. They differ from traditional, automated ransomware attacks in that they use more direct, hands-on interaction by hackers to create opportunities to exploit vulnerabilities and evade detection.
There have been several high-profile human-operated ransomware attacks in 2024, notably one targeting Change Healthcare that led to a massive, weeks-long disruption to the U.S. healthcare system. The Russian cybercriminal group known as Blackcat/Alphv used stolen credentials to gain access to Change Healthcare’s systems to deploy ransomware and exfiltrate six terabytes of data. UnitedHealth (the owner of Change Healthcare) ultimately paid $22 million in ransom – a far cry from the $1.5 billion it estimated the breach could cost in long-term damages.
Evan Dornbush, a former NSA cybersecurity expert, offered his perspective on these new ransomware strategies. “The Microsoft report signals one trend currently getting little attention, and that is likely to define the future of cybersecurity: the amount of money criminals can earn. The Microsoft report notes that as a sector, government only represents 12% of the aggressors’ targeting sets. The vast majority of victims are in the private sector. Until the economic model is fundamentally altered – either making it cheaper to defend or more expensive to attack – the advantage will increasingly drift toward the criminal.”
Ransomware Defense Progress Inspires New Threats
Yet there may be a glass-half-full interpretation of this increase in human-operated ransomware attacks. It may be a pivot driven by the fact that traditional ransomware attacks are now better defended against. The Microsoft Digital Defense Report also found that the percentage of attacks reaching the encryption phase – the sign of a successful ransomware attack – has decreased threefold in the last two years.
Microsoft credits better automatic disruption capabilities and technologies for this development. Companies are improving their ability to detect and prevent potential ransomware threats before the final encryption phase thanks to better cybersecurity measures such as advanced endpoint detection, network monitoring, and threat intelligence.
While this is a positive sign, ransomware threats are not disappearing, and threat actors will inevitably change their tactics. They may shift their focus to data exfiltration, human-operated attacks, or other threats. Organizations must do all they can to increase awareness and continue to bolster their defenses.
The Role Unmanaged Devices Play
According to the Microsoft report, 92% of successful ransomware attacks originated from unmanaged devices in the network. These are typically endpoint devices such as laptops, tablets, smartphones, IoT devices, or other technology capable of connecting to a network or communicating through Bluetooth or other methods. Unmanaged devices are often personal devices employees bring to work and may escape detection or monitoring by existing protocols.
These devices typically lack enterprise-level security controls – such as endpoint detection, automatic patching, and antivirus software – and may be difficult, if not impossible, to secure. They may also have weak authentication, allowing hackers to easily exploit them and gain unauthorized access. Once in the hacker’s control, these devices can be infected with malware or forced to act as a gateway to further infiltrate the company’s systems.
All of this suggests that companies would be wise to focus on unmanaged devices in an attempt to improve their security posture.
Common Attack Vectors – and Defense Strategies
In the case of human-operated ransomware attacks, how are cybercriminals gaining access? Today, the most prevalent methods include:
- Social engineering: email, SMS, and voice phishing
- Identity compromise, in which hackers steal or exploit official credentials to gain unauthorized access
- Vulnerabilities in public-facing applications or unpatched operating systems
To protect against these attack vectors – and best defend against ransomware threats – organizations should adopt several cybersecurity measures and best practices.
These include regular vulnerability scans to identify and solve existing security gaps before they can be exploited. Organizations should also implement strict identity management solutions, such as multi-factor authentication (MFA), as well as least-privilege policies that can prevent unauthorized access to critical systems. Companies should also conduct rigorous employee training so that staff better recognize phishing attempts and other social engineering tactics.
Building Resilience Against Ransomware
The Microsoft Digital Defense 2024 Report highlights the rise in human-operated ransomware, a trend that is likely to continue as cybercriminals attempt new strategies for ransomware campaigns and other cyberattacks.
To combat these threats, organizations must prioritize the effort to secure all networked devices, including those that may fall outside of traditional IT security oversight. Using advanced cybersecurity technologies, adopting zero-trust frameworks, and staying up to date on the latest threats are all vital best practices to strengthen defenses.
Those organizations that are able to build more resilient infrastructure will be better positioned to protect vital data, systems, and operations. While traditional ransomware attacks are now less successful, threat actors will turn to new methods, requiring a more strategic, comprehensive security approach.
About the Microsoft Digital Defense Report
The Microsoft Digital Defense Report is an annual publication that provides in-depth analysis and insights into the latest trends in cybersecurity. It’s a valuable and comprehensive resource that highlights emerging tactics used by cyber attackers, assesses the current threat landscape, and offers actionable recommendations for organizations to enhance their overall security posture.