Microsoft: 600 Million Daily Cyberattacks Revealed in New Report

In its annual Digital Defense Report, Microsoft warns of a sharp rise in cyberattacks amid growing geopolitical tensions.

The report reveals that Microsoft’s customers faced roughly 600 million attacks per day from cybercriminals and state-sponsored actors. Covering activity from July 2023 to June 2024, the analysis underscores how cyber operations have become an integral part of wider geopolitical conflicts.

Matt Aldridge, Principal Solutions Consultant at OpenText Cybersecurity, said: “We have been operating in a volatile global cybersecurity environment for some time. Recent macroeconomic pressures, geopolitical tensions and the increased sophistication of both criminal and nation-state cyber operations have made the situation worse.”

Microsoft’s findings depict a worrying security landscape. The company reports growing collaboration between criminal gangs and nation-state operators, with state actors increasingly outsourcing intelligence collection to criminal groups and adopting their tools and methods.

“OpenText Cybersecurity’s 2024 Threat Hunter Perspective also highlighted that coordination between nation-states and cybercrime rings, particularly to target global supply chains and advance geopolitical objectives, is now a defining trend in the threat landscape,” Aldridge added.

Russian actors have been notably active in outsourcing cyberespionage, especially against Ukrainian targets. In a June 2024 incident, a suspected criminal group used commodity malware to compromise at least 50 Ukrainian military devices.

Iranian operators have used ransomware as part of cyber-enabled influence campaigns. In one case, they marketed stolen data from an Israeli dating site and offered to remove specific profiles for a fee.

North Korea has also entered the ransomware arena. Security researchers identified a North Korean group that created a custom ransomware family called FakePenny, which it used against aerospace and defense organisations after exfiltrating sensitive data.

With the US election approaching, Microsoft has detected increased activity from Russia, Iran and China. These actors are leveraging geopolitical fault lines to amplify domestic controversies, aiming to influence voter sentiment or erode confidence in democratic institutions.

“As major events like the US presidential election approach, organisations across the global supply chain must remain vigilant against advanced, multi-vector attacks,” Aldridge warned.

On the cybercrime side, the picture is concerning. Microsoft reported a 2.75-fold year-on-year increase in ransomware incidents, even though fewer attacks progressed to full encryption. Tech support scams surged dramatically—up about 400% since 2022—rising from roughly 7,000 daily incidents in 2023 to around 100,000 per day in 2024.

Aldridge recommended that organisations strengthen their cyber defences by adopting advanced detection and response capabilities. “Businesses should prioritise secure, encrypted backups so systems can be restored quickly without risking data exposure,” he said.

He also advised implementing layered controls such as email filtering with on-click URL scanning, antivirus solutions with real-time anti-phishing features, strong password policies and multi-factor authentication. Continuous security awareness training for staff from day one is essential so employees recognise and scrutinise suspicious emails, messages and calls.

The report also examines the growing role of artificial intelligence in cyber threats. Both criminal and state actors are experimenting with AI: China-linked groups appear to favour AI-generated imagery, while Russia-linked actors are deploying audio-based AI techniques across multiple channels.

Microsoft stresses the importance of public-private collaboration to counter these escalating risks. Aldridge echoed this, saying, “A multi-layered defence strategy is critical. The more diverse an organisation’s processes, tools and technologies for protecting and recovering data and detecting and responding to incidents, the less likely an attack will succeed and cause disruption.”

As attacks increase in frequency and sophistication, industry experts agree that combining robust defensive measures with effective deterrence is the only viable path to reducing impact.

“This serves as a wake-up call for organisations worldwide to strengthen their cybersecurity posture before the situation worsens. Nation-state attackers show no signs of slowing down,” Aldridge concluded.
