Microsoft Digital Defense Report

Knowledge is powerful. This report encompasses learnings from security experts, practitioners, and defenders at Microsoft to empower people everywhere to defend against cyberthreats.

Build a stronger defense with the insights and expertise in the Microsoft Digital Defense Report

Signals

Over 24 trillion security signals are analyzed every 24 hours, offering a uniquely comprehensive view of the current state of security.

Experts

More than 8,500 Microsoft security experts from across 77 countries have helped provide a critical perspective on the security landscape.

Insights

Synthesized, integrated insights came from more teams, across more areas of Microsoft than ever before.


The state of cybercrime

We’ve seen cybercrime evolve as a national security threat that’s driven largely by financial gain. On a positive note, transparency is increasing as more victims of cybercrime come forward to share their stories. Government cybersecurity efforts have also increased in response to cyberthreats.

25+

There are more than 25 different kinds of malicious email techniques in addition to phishing.

15k

More than 15k phishing sites were neutralized within three months.

50%

We’ve seen a 50% year-over-year reduction in employee susceptibility to phishing after simulation training.


Nation state threats

Nation state threat actors have become more sophisticated and harder to detect, creating a threat to security that is replicated by other cybercriminals.

Supply chain, IoT, and OT security

The Internet of Things (IoT), operational technology (OT), and supply ecosystems have been treated in isolation, but to counter attacks, security needs to take a holistic approach. Multiple layers of defenses such as multifactor authentication can help maintain security.

Secure your devices

20 million devices

This was the number of devices found to use the default password “admin” in just 45 days of signals.

7 properties

We identified seven properties that are present in devices considered to be highly secured.

Nearly all industries affected

Critical vulnerabilities were found in several IoT and OT operating systems.

Hybrid Workforce Security

In both the physical and digital worlds, the primary way criminals get in is through an unlocked door. Organizations that do not apply or maintain basic security hygiene like patching, applying updates, or turning on multifactor authentication will face much greater exposure to attacks, including ransomware or Distributed Denial of Service (DDoS).

Phishing is responsible for almost 70% of data breaches

Basic security hygiene still protects against 98% of attacks.

Be cautious of “reliable” sources

Cybercriminals are using malware that poses as legitimate software updates, causing an increase in insider risk.

Update legacy systems to stay ahead of attacks

Adversaries are targeting on-premises systems, reinforcing the need for data governance and for organizations to move to the cloud.

Disinformation

Disinformation is being created and disseminated at increasing scale and speed.

Disinformation vs. misinformation

Empathy is needed when dealing with misinformation, which is false information that’s spread unintentionally by people who often have good intentions.

Spreading doubt

Threat and situational intelligence can be supplanted with disinformation to generate bias or create doubt in data integrity with decision makers.

Emerging threat of deepfakes

Improvements in AI have allowed deepfake videos and audio to directly harm individuals. They can now be used to trick employees into releasing or sharing credentials.

Actionable Insights

Technology and cyber risk can’t be treated as something that only IT and security teams manage. Criminals seek to exploit any opportunity that exists, so while recovery solutions are imperative, it’s on all of us to seek out cybersecurity training and ensure our online safety.


Report archive

Keep reading to see how the threat landscape and online safety have changed in a few short years.

Average prices of cybercrime services for sale. Attackers for hire start at $250 USD per job. Ransomware kits are $66 USD or 30% of the profit. Compromised devices start at 13 cents per PC and 82 cents per mobile device. Spear phishing for hire ranges from $100 to $1,000 USD. Stolen username and password pairs begin at 97 cents per 1000 on average.

The most targeted countries between July 2020 and June 2021 were the United States (46%), Ukraine (19%), and the United Kingdom (9%).

The most targeted sectors between July 2020 and June 2021 were Government (48%) and NGOs and Think Tanks (31%).

The most active nation state activity groups between July 2020 and June 2021 were NOBELIUM (59%), THALLIUM (16%), and PHOSPHORUS (9%).

There was a sharp decline in Microsoft employees scanning their badges for building entry in March of 2020, from around 100,000 per day to less than 10,000. The number is gradually increasing again as Microsoft moves to a hybrid work environment.

Protect against 98% of attacks by utilizing antimalware, applying least privilege access, enabling multifactor authentication, keeping versions up to date, and protecting data. The remaining 2% of the bell curve includes outlier attacks.