
Cyber war: Are the hackers outsmarting us?

What Microsoft reveals about today’s cybersecurity threats

The Microsoft Digital Defense Report 2024 is out, and it’s packed with eye-opening data about how cyber threats are evolving. At spotit, we see this report as more than just a yearly update. It’s a valuable tool to test our assumptions, sharpen our services, and help our clients prepare for what’s next.

In this blog, we break down the key insights that stood out to us—from the rise of social engineering to the growing involvement of state-sponsored threat groups. The big question: are we losing the cyber war, or just fighting it differently?

👉 Read the full report 

Social engineering is still the easiest way in

Microsoft reports that social engineering attacks remain one of the most common and effective ways for attackers to gain access. Even with more secure authentication methods like passwordless logins and phishing-resistant MFA, attackers are finding workarounds—by going after the human behind the screen.

Based on what we see in the field, spotit knows just how easily even trained users can be deceived. Fake support calls, fraudulent crypto platforms, and malicious browser extensions are on the rise, often bypassing technical controls entirely. Microsoft notes that these tech scams are growing even faster than malware or traditional phishing.

If your employees don’t know how to spot the signs, your security is only as strong as your weakest link. That’s why we always recommend continuous security awareness training—not once a year, but ongoing.

“The desire to please others lays us low, while the desire to do good lifts us up.”
François de La Rochefoucauld
Daily malicious traffic volume (millions)

Generative AI: opportunity and risk in one

The 2024 report places a strong spotlight on generative AI, which is transforming both sides of the cybersecurity equation. For defenders, AI brings new opportunities—better detection, faster response, and more accurate threat modelling. But for attackers, it opens up new ways to deceive: from realistic phishing emails and fake voices to highly convincing deepfakes.

Microsoft warns that these tools are lowering the barrier for launching convincing attacks. spotit is already working closely with clients to assess the impact of AI-driven tactics and implement practical ways to defend against them. The technology is evolving fast, but the principles of layered, adaptive defense still apply.

How deepfakes are shaping public opinion and influencing elections

Remember the viral deepfake videos of Tom Cruise in 2021? What once seemed like harmless entertainment is now a serious concern in the world of cybersecurity. According to Microsoft’s Digital Defense Report 2024, deepfakes are no longer just for social media—they’re being used to spread political misinformation, sway public opinion, and impersonate public figures in fraudulent schemes.

Microsoft has identified over 200 influence groups using AI-generated content to manipulate narratives, distort facts, and discredit institutions. This type of disinformation undermines digital trust, making it harder than ever to distinguish between real and fake.

Detecting digital impersonation is no longer optional. It’s something spotit now includes as a standard part of modern cybersecurity.

These real-world examples show how deepfake technology is already being used to distort political messaging. As the tools become more advanced and widely available, they pose a serious risk to the fairness of elections and the credibility of democratic systems.

State-sponsored attacks are scaling up

One of the more alarming trends in the Microsoft Digital Defense Report 2024 is the continued rise of state-linked threat groups. Microsoft is now tracking over 1,500 unique groups, 600 of which are believed to be backed by hostile governments.

These actors are no longer just stealing data. They’re laying the groundwork for future sabotage, deploying ransomware, and launching long-term infiltration campaigns. According to the report, Microsoft alone blocks more than 600 million attack attempts every day.

For organizations, this means the threat landscape isn’t just criminal—it’s geopolitical. To help clients prepare for this level of risk, spotit puts advanced detection tools, incident response strategies, and multi-vendor resilience planning into practice. The goal: making sure businesses aren’t just protected today, but also ready for what’s coming next.

Public-private partnerships are more than PR

The report highlights how deeper collaboration between government and private companies leads to real progress. A great example is the partnership between Microsoft and the Australian Signals Directorate (ASD), which led to actual sanctions against the actors behind the 2022 Medibank ransomware attack.

In Belgium, we’re seeing similar progress through the Cyber Security Coalition and the Centre for Cybersecurity Belgium (CCB). Their CyberFundamentals (CyFun) framework helps organizations measure their cybersecurity maturity and prepare for the NIS2 directive.

Our experts guide organisations through the CyFun framework and help prioritise actions toward NIS2 readiness.

👉 Need support with NIS2 compliance? spotit is here to help

“We continue to work with our friends and partners around the world to ensure cyber criminals are held to account for their actions and we will relentlessly pursue activities which disrupt their capability to target Australians in the cyber space.”
Richard Marles (Deputy Prime Minister of Australia)
Pictured left to right: Prime Minister Anthony Albanese, Brad Smith, Microsoft Vice Chair and President and Steven Worrall, Managing Director, Microsoft Australia and New Zealand.

OT cybersecurity is now a national concern

Microsoft dedicates an entire section of its report to Operational Technology (OT). The message is clear: internet-connected industrial systems are now high-risk targets. The report highlights over 300 security vulnerabilities found in third-party OT applications alone.

Many of these environments were never built with security in mind, making them especially vulnerable to modern attacks. Organisations turn to spotit to bring structure and visibility into complex OT environments—identifying connected assets, mapping vulnerabilities, and monitoring industrial networks around the clock. Our approach is grounded in proven models like the Purdue Model and IEC 62443, ensuring robust and reliable protection for critical infrastructure.

👉 Explore our OT/IoT security services

Data and collaboration: the real power combo

Microsoft processes an astonishing 78 trillion security signals per day. Combined with a global network of over 15,000 partners, this creates a powerful early warning system. It also enables Microsoft to block ransomware attacks faster and more effectively.

But Microsoft doesn’t operate in isolation, and neither do we. Our vendor-agnostic approach allows spotit to combine tools and insights from Microsoft, Cisco, Palo Alto and more. This allows us to design flexible, scalable solutions that fit your environment—not just one vendor’s vision.

Final thoughts

The Microsoft Digital Defense Report 2024 makes one thing clear: cyber threats are increasing in scale, complexity, and creativity. AI plays a role on both sides—empowering defenders, but also arming attackers with new tools.

How you respond is what makes the difference. That starts with staying informed, choosing the right partners, and building a layered security approach that can evolve with your business.

spotit supports organisations at every stage of that journey, combining hands-on experience with trusted technology partnerships. Whether you want to secure your OT infrastructure, get ahead of NIS2 compliance, or strengthen your defences against AI-driven threats—we’re ready when you are.
