Cybercrime is globally disruptive and economically damaging, causing trillions of dollars in financial losses affecting both individuals and businesses, while threatening national security and diminishing trust in the digital economy and the internet.
Microsoft’s Digital Crimes Unit (DCU) is a global team of technical, legal, and business experts who have been fighting cybercrime, protecting individuals and organizations, and maintaining the integrity of Microsoft services since 2008. Our expertise and our unique insights into online criminal networks allow us to uncover the evidence used in our criminal referrals to law enforcement. The DCU also works to increase the operational cost of cybercrime by disrupting the infrastructure used by cybercriminals through civil legal actions and technical measures.
No entity can fight cybercrime alone; DCU has developed close relationships with Microsoft security teams, as well as law enforcement, security companies, researchers, NGOs, and customers to increase both our scale and impact in the fight against cybercrime.
The DCU also shares information to help remediate victims, support education campaigns, and enable the development of technical countermeasures that enhance the security and safety of Microsoft products and services. We also use our voice and expertise to inform cybercrime legislation and advocate for public-private partnerships that accelerate cross-border cooperation to fight cybercrime.
Work email compromised
Business Email Compromise (BEC) occurs when business email account credentials are illegally used to compromise accounts and facilitate email fraud against targeted organizations and individuals.
BEC is one of the most prolific and costly forms of cybercrime in the world today. According to a 2021 FBI report, BEC attacks resulted in losses of $2.4 billion and accounted for nearly 35% of all cybercrime losses. The DCU uses state-of-the-art legal and technical strategies to combat BEC crime, allowing us to identify, map and disrupt the complex infrastructure used to launch BEC attacks. In 2021, the DCU obtained court orders to block malicious homoglyph domains targeting and impersonating customers. The DCU also ordered the removal of more than 596,000 unique phishing URLs and 7,700 phishing kits, which led to the identification and closure of more than 2,200 malicious email accounts used to collect the stolen customer identification information.
Cybercriminals and nation-state actors rely on botnets – networks of malware-infected computers controlled by cybercriminals – to expand their reach dramatically and anonymously. For more than a decade, the DCU has identified, investigated, and disrupted the ability of these actors to carry out their criminal activities by targeting their distribution and communications infrastructure.
To date, the DCU has disrupted the infrastructure of 25 botnets or state actors, preventing them from distributing additional malware, controlling victim computers, and targeting other victims. In partnership with governments and Internet service providers, DCU has identified and shared information to remediate approximately 500 million victims worldwide while using the information obtained during these operations to better secure Microsoft products and services against these cyber threats.
Ransomware is a high-profit, low-cost business that has grown dramatically around the world over the past few years. In 2020, cybercriminals moved from automatically distributing ransomware like NotPetya or WannaCry to targeted human-operated attacks where adversaries deliberately target critical assets in an attempt to extract significantly higher ransoms from their victims. Microsoft is in a unique position to reduce the profitability of this crime while increasing the cost of entry. The DCU has invested in technical and legal resources to make ransomware less profitable and more difficult to deploy by disrupting the infrastructure and payment systems that enable ransomware attacks, and preventing the use of Microsoft products and services to attack our customers.
Tech Support Fraud
According to a global online survey from Microsoft in 2021, approximately 3 in 5 people worldwide have experienced a tech support scam. Scammers convince victims to give access to their devices by impersonating reputable tech companies such as Apple, Google, and Microsoft.
The DCU relies on data analytics and direct customer complaints to investigate criminal networks involved in tech support fraud and refer them to law enforcement. The DCU also works to disrupt the flow of money to scammers by providing financial institutions and payment processors with information about scammers’ fraudulent transactions, and educating the public on how to avoid these scams.
Malicious use of Azure
Cybercriminals sometimes launch attacks directly from Microsoft’s network using the power of our Azure cloud services to target legitimate Microsoft customers, global businesses and governments. The DCU is working to identify and investigate cybercriminals using Azure maliciously to launch these cybercrime attacks.
With the threat landscape constantly changing, DCU partners with corporate security teams to identify and disable cybercriminals harboring malicious technical infrastructure used in BEC, tech support fraud, malware distribution and ransomware attacks.
In addition to enforcement measures, DCU’s disruption of cybercriminal networks using Azure provides insights that strengthen Azure security, protect customer cloud capacity, and help our Azure team deliver a world-class customer experience.
Technological Advances: Machine Learning
During our investigations, the DCU has amassed a significant amount of data, and the challenge is how to analyze and use this information to protect our customers. In our day-to-day work, we use machine learning clustering techniques to aid our analysis, identifying patterns to more accurately detect and learn from online criminal activity. Using these tools, we’ve been able to develop new, more effective ways to identify the most prolific criminal networks to target for investigation, disrupt criminal infrastructure at scale, and partner with our engineering teams to improve the safety of our products and services.
According to Cybersecurity Ventures, the annual cost of cybercrime worldwide is expected to reach $10.5 trillion by 2025, as the world witnesses an increase in hacking activity, both by organized criminal groups and sponsored by hostile nation states. To combat this alarming trend, the DCU is developing a comprehensive payments disruption strategy in partnership with public and private sector stakeholders, including banks, payment processing providers, crypto exchanges and law enforcement. Our goal is to stop the flow of money from victims to cybercriminals and prevent cybercriminals from collecting and profiting from the proceeds of their crimes.
SOURCE: Cybersecurity companies
Note: This page was first published on April 30, 2020 and updated on May 3, 2022.