Trace Id is missing
Skip to main content
Microsoft Security

State of Cybercrime

Find out how attackers are adapting their techniques as cyber defenses improve.

Acting to create a safer ecosystem


unique phishing URLs and 5,400 phish kits were taken down at the direction of our Digital Crimes Unit.

70 billion

email and identity threat attacks were blocked by Microsoft last year alone.

2.75 million

site registrations were successfully blocked by Microsoft to get ahead of criminal actors that planned to use them to engage in global cybercrime. 

The growing threat of ransomware and extortion 

Ransomware attacks pose an increased danger as critical infrastructure, businesses of all sizes, and governments are targeted by criminals in the growing cybercriminal ecosystem.

Most seen vulnerabilities

The most commonly observed contributing factors to weak protection against ransomware were weak identity controls, ineffective security operations, and limited data protection. 

The top finding among ransomware incident response engagements was insufficient privilege access and lateral movement controls.

Business email compromise

Credential phishing schemes are on the rise and are a substantial threat to users everywhere because they indiscriminately target all inboxes. Among the threats our researchers track and protect against, the volume of phishing attacks is orders of magnitude greater than all other threats.

Business email compromise themes by percentage of occurrence.

Cybercriminal abuse of infrastructure

IoT devices are a popular target for cybercriminals using widespread botnets. Unpatched routers can be used to gain access to networks and execute malicious attacks.

Is hacktivism here to stay?

The war in Ukraine saw a surge in hacktivism, with volunteer hackers deploying tools to cause damage to political opponents, organizations, and even nation states.

Explore other critical focus areas

Nation State Threats

Nation state actors are launching increasingly sophisticated cyberattacks to evade detection and further their strategic priorities.

Devices and Infrastructure

As organizations harness advances in computing capability and entities digitize to thrive, the attack surface of the digital world is exponentially increasing.

Cyber Influence Operations

Today’s foreign influence operations utilize newmethods and technologies, making their campaignsdesigned to erode trust more efficient and effective.

Cyber Resilience

As threats in the cyber landscape increase, building cyber resilience into the fabric of the organization is as crucial as financial and operational resilience.

Read the report and connect with us

Follow Microsoft