Microsoft’s latest Security Intelligence Report highlights the trends seen in 2018 with phishing as the preferred attack method and supply chains as a primary attack target.
Supply Chains at Risk
Software supply chains are the perfect delivery mechanism for cybercriminals. If they can compromise the development or update process of a software supplier, they can get their malware installed down the chain on partner and customer networks with the same trust and permissions as the legitimate software.
The increase in software supply chains seen by Microsoft indicates that all software manufacturers – from those making plug-ins and browser extensions to those building entire cloud-based software services – need to be vigilant now more than ever.
Phishing Still King
Microsoft saw a 250% rise in phishing attacks over the course of 2018, delivering malicious zero-day payloads to users. Microsoft admits that this rise has caused them to work to “harden against these attacks” signaling the attacks are becoming more sophisticated, evasive, and effective.
Microsoft sees phishing as a particularly troubling attack method because “it involves human decisions and judgement in the face of persistent efforts by cybercriminals to make victims fall for their lures.” Even Microsoft realizes that, despite best efforts with security software (including their own), some portion of phishing scams will always make its way to the user.
And that is the reason why users need to become a part of your organization’s security strategy. It’s only through creating a security culture and continuous Security Awareness Training that your organization is truly going to have a reasonable chance of never becoming a victim.