Microsoft Digital Defense Report 2024

A headline reads "Current and emerging threats" surrounded by key topics: "AI as a threat," "Conflicting regulatory requirements," "Cybercriminals," "Nation-state actors," "Supply chain and ecosystem," and "Technical debt." These items are positioned around the headline in a visually organized layout.

A security executive gestures to a large digital screen displaying global data and analytics.

Map titled "Monitoring more than 600 nation-state groups," displaying regions where various threat actor groups operate. The map uses a color-coded legend: Russia (orange), China (green), North Korea (purple), Iran (light blue), Influence Operations (gray), Financially Motivated (yellow), and Groups in Development (lavender). Each group is represented by an icon on the map, placed in the corresponding regions. The map background is dark purple, and land areas are beige. The legend is positioned on the right side of the image.

The image shows a diagram with the headline "Security focused engineering: Putting security above all else." At the top, there is a bar labeled with three categories: "Secure by Design," "Secure by Default," and "Secure Operations."

Below this, the diagram highlights six security principles, arranged in two rows of three boxes each:

Protect identities and secrets

Protect tenants and isolate production systems

Protect network

Protect engineering systems 

Monitor and detect threats

Accelerate response and remediation

At the center of the diagram is the concept of "Security Culture and Governance," with arrows indicating that it drives "Continuous Improvement."

At the bottom, two labels are present: "Paved Path" and "Standards," connected by arrows that show an iterative process, reinforcing security best practices. 

The background is dark with a dotted pattern, and icons in the boxes represent the different security principles.

A group of professionals seated and standing in a modern conference space at the Microsoft Digital Crimes Center, attentively listening to a speaker. A large digital display next to the speaker shows cybersecurity statistics and trends.

A bar graph titled "Top 10 Targeted Sectors Worldwide" shows the percentage of cyberattacks targeting various sectors. 

The IT sector is the most targeted at 24%, followed by Education and Research at 21%, Government at 12%, Think Tanks and NGOs at 5%, Transportation at 5%, Consumer Retail at 5%, Finance at 5%, Manufacturing at 4%, Communications at 4%, and all other sectors combined at 16%. 

A note at the bottom states “Threat actors from Russia, China, Iran, and North Korea pursued access to IT products and services, partially to conduct supply chain attacks. Source: Microsoft Threat Intelligence, nation-state notification data."

Bar chart titled 'Organizations with ransom-linked encounters continues to increase while the percentage of those ransomed is decreasing (July 2022–June 2024).' 

The chart tracks the number of organizations with ransomware-linked encounters (orange bars) and the percentage of organizations ransomed (purple line) over time. 

The orange bars indicate a general rise in ransomware-linked encounters, peaking in April 2024. The purple line shows the percentage of organizations ransomed decreasing steadily over the past two years. 

A caption at the bottom notes that, while encounters are increasing, the percentage of organizations reaching the encryption stage has decreased more than threefold. 

Source: Microsoft Defender for Endpoint.

Bar chart titled 'Daily malicious traffic volume (millions)' compares the volume of techscam, malware, and phishing traffic across 2021 (orange), 2022 (purple), and 2023 (peach). 

The chart shows a significant increase in techscam traffic, rising from 4 million in 2021 to 12 million in 2023. 

Malware and phishing traffic show smaller increases, with malware rising from less than 1 million in 2021 to around 2 million in 2023, and phishing rising from around 1 million in 2021 to 2 million in 2023. 

A note below states “The daily volume of techscam traffic has escalated dramatically, skyrocketing by 400% since 2022, a stark contrast to the 180% increase in malware and 30% increase in phishing over the same period.” 
 

Source: SmartScreen log data.

Infographic titled 'Identity attacks in perspective: Password-based attacks continue to dominate, but can be thwarted by using strong authentication methods.' 

On the left, a large orange pie chart contains the text: 'More than 99% of identity attacks are password attacks,' followed by a list: 'Breach replay, Password spray, Phishing.' 

Below the list, the text reads: 'Rely on predictable human behaviors such as selecting easy-to-guess passwords, reusing them on multiple websites, and falling prey to phishing attacks.' 

To the right of the main pie chart, a smaller pie chart shows that less than 1% of attacks fall into other categories. 

These categories are broken down into 'MFA attacks' (SIM swapping, MFA fatigue, AiTM), 'Post-authentication attacks' (Token theft, Consent phishing), and 'Infrastructure compromise.' 

At the bottom, the source is cited: 'Source: Microsoft Threat Intelligence.'

Line graph titled 'Number of network DDoS attacks (January-June 2024)' shows the daily volume of DDoS attacks from January 1 to June 20, 2024. 

The graph depicts layers of attacks based on packets per second (pps), color-coded as follows: L2 (1K - 10K, purple), L3 (10K - 100K, light orange), L4 (100K - 1M, lavender), L5 (1M - 10M, dark orange), and L6 (>10M, green). 

The chart shows a notable increase in Layer 4 (L4) attacks, particularly around mid-March, with peaks around March 20 and May 15. 

The caption states “The number of DDoS attacks mitigated continues to increase, with a notable surge layer 4 (L4 application layer) attacks. Application layer attacks are more stealthy, sophisticated, and difficult to mitigate than network-level attacks.

Source: Microsoft Global DDoS Mitigation Operations.