Tech issues explained: Cybercrime Disruptions

Hello! Welcome once again to this series from the editorial team that brings you Microsoft On the Issues. We are looking at some of the most important topics at the intersection of technology and public policy – and what they mean for you.  

On the agenda this time around are cybercrime disruptions – AKA going after and dismantling the technology infrastructure (think internet protocol (IP) addresses, malicious website links, proxy servers, crypto wallets …) being used by cybercriminals, as well as the criminals themselves and their assets.  

The global cost of cybercrime continues to rise rapidly and is predicted to reach $10.5 trillion annually by 2025.  

Many people fall for the frauds and tricks cybercriminals use, opening themselves and the businesses they work for up for attack. We regularly see well-known brands imitated or fall victim to compromise. Critical infrastructure is frequently a target – as we saw with distributed denial of service (DDoS) cyberattacks on U.S. airports and a series of ransomware attacks against U.S. hospitals recently. 

Taking proactive action to stop cybercrime is crucial to healthy economies and society. And that’s where disruptions come in.  

What does disruption look like?  

You can probably rule out the Hollywood-created image of a cybercriminal that has just popped into your head. We’re not talking about some shady-looking individual sitting in a dimly lit basement (although some of them exist, too). More often, these are organized and highly sophisticated gangs or nation-states mounting sophisticated, malicious attacks.

The growth of cybercrime as a service – a business model where criminals offer their services and tools to anyone willing to pay – makes it even more complicated to find the bad actors and disrupt the mechanisms they use. Disrupting cybercriminal networks, assets, and infrastructure therefore requires a complex and coordinated response.  

Disruptions rely on civil and criminal legal responses, technical action, and, importantly, operational coordination across the public and private sector. Microsoft pursues disruptions in partnership with the public sector as a way to protect our customers and services. For example, Microsoft, in partnership with cybersecurity company Fortra and Health-ISAC, recently used a federal court order as part of a massive disruption of an abused security tool where manipulated Microsoft software, at times, was being used to target healthcare organizations around the world. Over the course of a number of years, the attacks have cost hospital systems millions of dollars in recovery and repair costs, as well as disrupted critical patient care.  

What is Microsoft’s approach? 

With an international team of ~30 technical and legal experts and digital investigators, Microsoft’s Digital Crimes Unit (DCU) has been fighting cybercrime since 2008. The team’s unique insights into online criminal networks enable Microsoft to uncover malicious activity by bad actors – on and off our platforms – with the goal of protecting consumers globally.

The DCU uses criminal referrals and legal actions, technical innovation and public and private partnership with the goal of disrupting the people, infrastructure, and assets of cybercrime networks. The team also shares the insights it uncovers with other security teams at Microsoft to strengthen the security and safety of Microsoft products, as well as educate and inform customers and policy in this space. 

Why does public-private collaboration matter?   

Public-private collaboration is crucial for a disruption’s success. It allows for quick information sharing and the application of cross-sector expertise to target all aspects of the cybercrime network.  

This kind of cooperation enables law enforcement and government agencies to go after bad actors – seizing domains, taking down websites and servers, and breaking up and repatriating funds in cybercriminal crypto wallets. In many of these cases, disruptions have led to the arrest and prosecution of criminals.    

So important is this cooperation that, in March 2023, the White House released its new National Cybersecurity Strategy, identifying disruption as a central pillar. In the words of Amy Hogan-Burney, General Manager, Associate General Counsel, Cybersecurity Policy and Protection, “Combating cybercrime is like working on a puzzle where we all only have a few pieces. To solve the cybercrime puzzle, we need to continue to improve our ability to actively disrupt the people, infrastructure, and finances supporting cybercrime globally. That means we must truly leverage the immense capabilities of industry and governments to defeat these threats.” 

As Microsoft’s Digital Crimes Unit has demonstrated many times, legal methods can play a core role for the private sector to advance this strategy as a priority. 

How have disruptions made a difference in the fight against cybercrime?  

As Hogan-Burney said, “Disruption is a piece that can help get us closer to solving the cybercrime puzzle.” At the end of the day, our goal, in the name of protecting potential victims, is to make it harder for cybercriminals to make money and launch attacks. In the case of civil litigation, even if the action doesn’t result in a permanent takedown of criminal infrastructure, it can greatly slow attempts by cybercriminals to rebuild their networks and impose significant costs on their operations.

Since its inception, the DCU has worked to protect our customers and all consumers across the globe by disrupting a combined total of 27 malware families, nation state actors and, more recently, the tools cybercriminals use in their attacks.  

Timeline of a selection of DCU disruptions

Microsoft’s DCU also seeks to block the cybercriminal infrastructure before it even reaches a potential victim. In 2022 alone, the DCU successfully blocked 2,750,000 site registrations to get ahead of bad actors intending to use them for global cybercrime and potentially harm customers. Approximately 710 million phishing emails were blocked each week. And 531,000 phishing URLs hosted outside of Microsoft were taken down. 

But as we use increasingly sophisticated tools and techniques to combat malicious activity, we see cybercriminals evolve their techniques as well. For example, attacks on Internet of Things (IoT) devices have increased. Ransomware has also evolved from being largely indiscriminate to targeted, human-engineered and operated attacks.  

What can you do about it? 

  1. Improve your cyber hygiene. It is one of the best defenses we have against cybercriminals. This includes using anti-malware software and ensuring devices are running the latest versions of software, including security patches. You should use browsers which enable analysis of URLs for suspicious behaviors, and block known malicious sites. Multi-factor authentication is key to limiting unauthorized access of accounts. And where you can, go passwordless.
  2. Educate yourself. Awareness makes up another huge part of the response. Make sure you know what to look out for in common scams, be careful where you share personal information, and always be mindful before you click on links or open attachments.
  3. Join the fight. Demand for cybersecurity skills has grown by over a third in the past year. Microsoft is aiming to close the skills gap and help skill the cybersecurity workforce.

Panya Khanaphan

Technician at เหล็ก

9mo

Men

Kanti Kalyan Arumilli

NOT associated- LINE LIED group spies o,eka,ec,bhattaru,e,erra, female es,ester, bandhavi, is, thota, zinnabathuni, diwakar, uttam, veera, ok, okay, bojja, ic, ec

10mo

Cybercrime is the largest threat! There are some powerful swarms of invisible microdrone equipment capable of viewing, recording audio and video and even mind reading. The best MFA - FIDO based, OTPs and TOTPs are weak. Another misuse by the hackers with the equipment - short codes in password reset or meeting URL. I would suggest long codes in password reset or meeting URLs and not displaying in plain text. My contribution in the war against cyber crime, raising awareness of hackers' equipment, being used for hacking, impersonation, identity theft, blackmailing, framing, defaming. My startup ALight Technology And Services Limited has been defending the threats, raising awareness, developing small open source utilities/ tools for defending from cybercrime.

Avinash Kumar

Security Consultant

10mo

Thanks for sharing this

Charles Okoth Ouma

SAP Technology Specialist, Monitoring, Evaluation, Analysis, Learning and Strategy. MBA,MCITP, MCT, MCTS, OCA,BSCIT.

1y

How can I join the fight?
