Microsoft Digital Defense Report 2024

Microsoft Digital Defense Report 2024: The foundations and new frontiers of cybersecurity

Complex, challenging, and increasingly dangerous

In the last year, the cyber threat landscape continued to become more dangerous and complex. The malign actors of the world are becoming better resourced and better prepared, with increasingly sophisticated tactics, techniques, and tools that challenge even the world’s best cybersecurity defenders. Even Microsoft has been the victim of well-orchestrated attacks by determined and well-resourced adversaries, and our customers face more than 600 million cybercriminal and nation-state attacks every day, ranging from ransomware to phishing to identity attacks.

Microsoft’s unique, expansive, and global vantage point gives us unprecedented insight into key trends in cybersecurity affecting everyone from individuals to nations. The spectrum of security signals we see is further enhanced by the diversity of our customers and partners, including governments, enterprises large and small, consumers, and gamers.

Microsoft’s unique vantage point

  • Microsoft serves billions of customers globally, allowing us to aggregate security data from a broad and diverse spectrum of companies, organizations, and consumers.

    Our presence in the digital ecosystem positions us to observe key trends in cybersecurity. Microsoft’s perspectives on cybersecurity are framed through 50 years of experience and insight.

  • An extra 13 trillion* security signals per day from the cloud, endpoints, software tools, and partner ecosystem, to understand and protect against digital threats and criminal cyberactivity.

    *2023: 65 trillion, 2024: 78 trillion

  • Microsoft Threat Intelligence now tracks more than 1,500 unique threat groups—including more than 600 nation-state threat actor groups, 300 cybercrime groups, 200 influence operations groups, and hundreds of others.
  • In response to growing cyber threats, Microsoft reassigned roughly 34,000 full-time equivalent engineers to security initiatives. This team is dedicated to enhancing defenses, developing phishing-resistant MFA, and strengthening the corporate network. By prioritizing security, Microsoft ensures its products and services remain resilient against increasingly sophisticated cyberattacks.

  • Microsoft’s support for cloud infrastructure, platforms, applications, and multi-cloud scenarios helps categorize vulnerabilities across critical environments like electrical power monitoring and building automation systems. This vast ecosystem of partners enriches our data, enabling the detection of critical weaknesses. By leveraging this data, we enhance our threat intelligence and continuously strengthen the security of the ecosystem.

Chapter 1 highlights the increasing complexity of the global cyber threat landscape, driven by sophisticated nation-state actors, rising ransomware attacks, evolving fraud tactics, persistent phishing threats, and new challenges in identity security. Insights from this chapter underscore the urgent need for proactive and multi-faceted cybersecurity strategies.

Chapter 1 summary

  • Nation-state threat actors are conducting operations for financial gain and enlisting the aid of cybercriminals and commodity malware to collect intelligence.

    In 2024, a key insight was that Education and Research became the second-most targeted sector by nation-state threat actors. These institutions, offering intelligence on research and policy, are often used as testing grounds before threat actors pursue their actual targets.

  • Ransomware remains a critical cybersecurity concern. Microsoft observed a 2.75x year-over-year increase in human-operated ransomware-linked encounters, where at least one device in a network was targeted. Although these encounters have risen, the percentage of organizations that are ultimately ransomed (reaching the encryption stage) has decreased more than threefold over the past two years.

  • Cyber-enabled financial fraud is rising globally, with new trends in payment fraud and the misuse of legitimate services for phishing and malicious activities. One alarming type of fraud is techscam, which tricks users by impersonating legitimate services or using fake tech support and ads. Techscam traffic surged from 2021 to 2023, far outpacing the rise in malware and phishing, underscoring the need for stronger defenses.
  • As organizations move to the cloud, identity-related attacks have surged, with adversaries using compromised credentials to access critical resources.

    Microsoft Entra data shows password-based attacks make up over 99% of the 600 million daily identity attacks. Over the past year, Microsoft blocked 7,000 password attacks per second, highlighting the persistent and pervasive nature of these threats.

  • DDoS attacks continued to evolve, targeting the application layer. In the second half of the year, Microsoft mitigated 1.25 million DDoS attacks, representing a 4x increase compared with last year.

    Of note in 2024: The shift toward application-layer attacks poses greater risks to business availability, such as online banking. These attacks are stealthier, more sophisticated, and harder to mitigate than network-level attacks.

For additional details on the evolving cyberthreat landscape, download the full report.

Chapter 2 emphasizes everyone’s responsibility for keeping their own houses in order. It advocates for robust accountability beyond just compliance checklists and promotes a threat-informed defense strategy that strengthens resilience across the cyber landscape. This strategy extends beyond organizational security to critical environments and elections, calling for collective action and urging stronger collaboration between industry and government to enhance overall security.

Chapter 2 summary

  • Organizations must address technical debt, outdated security controls, and shadow IT while implementing up-to-date data security policies to stay resilient, especially with the rise of generative AI.
  • Securing operational technology (OT) systems, particularly in critical infrastructure, requires special considerations for improving the security posture of these environments. We see a number of trends that will increasingly impact OT security.
  • Collaboration between industry, governments, and organizations is essential for tackling global cybersecurity threats, from securing defense systems to protecting democratic elections through joint initiatives.

Featured insight: Understanding attack paths for threat-informed defense

One key takeaway from Chapter Two is the need to understand attack paths for threat-informed defense. Organizations should identify the most likely attack paths leading to critical assets and continuously mitigate them. Attack path analysis incorporates asset inventories, vulnerability data, and external attack surfaces to construct a possible attack chain leading to a critical asset.

For additional details on how we can center our organizations on security, download the full report.

Chapter 3 explores how AI is transforming both the threat landscape and cybersecurity defense, highlighting emerging AI-driven cyber risks, including nation-state operations. It emphasizes how AI-powered tools enhance defense capabilities and details ongoing global collaboration to establish standards and frameworks for securing AI technology.

Chapter 3 summary

  • The rapidly evolving AI threat landscape introduces both system threats and ecosystem threats. Emerging threat actor techniques include AI-enabled spear phishing, résumé swarming, and deepfakes.
  • AI enhances security operations by improving threat detection, response speed, and incident analysis, providing defenders with significant advantages against sophisticated attacks and enabling more efficient management of cybersecurity operations.
  • Governments and industries are collaborating on AI security regulations, international standards, and collective defense initiatives to ensure AI's responsible use and to mitigate the risks posed by malicious actors using AI for cyberattacks.

Featured insight: Nation-state threat actors using AI for influence operations

Among the many insights from Chapter Three is the observation that Russia, Iran, China, and other nation states are increasingly incorporating AI-generated or enhanced content into their influence operations in search of greater productivity, efficiency, and audience engagement.

Microsoft is proud to continue its more than 20-year tradition of helping the world understand and mitigate cyber threats with this edition of the Microsoft Digital Defense Report.

We believe transparency and information sharing are essential to the protection of the global cyber ecosystem. Communicating the insights that we derive from our unique vantage point is one of the many ways we work to make the cyber world a safer place.

Executive summaries

Executive Summary

The Executive Summary provides an introduction on the threat landscape by Tom Burt, along with the top insights from the report.

CISO Executive Summary

The CISO edition of the Executive Summary provides an introduction by Igor Tsyganskiy and gives an in-depth, narrative-style summary, highlighting key points of interest for modern chief information security officers.

Governments and Policy Makers Executive Summary

The Government and Policy Makers edition of the Executive Summary, introduced by Tom Burt, highlights key trends in threat actor activity, deterrence, and collective action, offering critical insights for government security leaders and policy makers.
