Microsoft’s Digital Crimes Unit (DCU) Provides Insight on Fighting Cybercrime

By Emma Hollingsworth


On July 14, GCA partnered with Microsoft’s Digital Crimes Unit (DCU) to provide insight on how to fight cybercrime, with a focus on phishing and Business Email Compromise (BEC). Shehzad Mirza, GCA’s Director of Operations, introduced the session and presented Joachim Rosenoegger, Senior Manager of Investigations EMEA Microsoft Digital Crimes Unit.

The dramatic increase in devices and innovative cloud technology, creating unlimited opportunities for business, governments, and consumers, points to the need for a holistic cybersecurity strategy. Created in 2008, Microsoft’s Digital Crimes Unit uses creative techniques to pursue financially-motivated cybercriminals. The DCU has three key areas of focus:

  1. Disrupt and deter cybercrime through civil actions and criminal referrals.
  2. Partner internally and externally on technical countermeasures that protect customers.
  3. Partner internally and externally to educate customers and partners to increase cyber awareness.

Microsoft’s unique approach toward these three focus areas includes enterprise-class technology with a simplified experience for users and integrated solutions to mitigate risk, world-class security operations, and collaboration with law enforcement, the intelligence community, and international organizations to yield the maximum results reducing cybercrime.

Business email compromise (BEC), including phishing schemes and unlawful access to accounts, impacts consumers in all sectors and businesses of all sizes. BEC is constantly evolving as scammers become more sophisticated and is the fastest growing classification of cybercrime. Impacting 177 countries, BEC is difficult to prosecute due to the international nature of these cybercrimes. Joachim Rosenoegger discussed the four pillars of the DCU’s BEC strategy, including disruption, deterrence, strength, and communication.

The session’s key theme reinforced positive experiences in efforts with law enforcement and emphasized the benefits of public-private partnerships. The borderless nature of cybercrime creates safe havens for cyber criminals and makes it difficult for law enforcement. Microsoft’s Digital Crimes Unit presented numerous examples in which the DCU successfully partnered with law enforcement to prosecute cybercriminals — for example the largest coordinated BEC enforcement actions to date, in which the DCU provided evidence, intelligence, and case referrals in support of private-public collaboration operations.

Joachim Rosenoegger emphasized the need to continue to look for ways to build strong, strategic partnerships to disrupt cybercriminal activity and systematically take down cybercriminal networks. He simply stated, “to combat the threat and assist victims, we need cross-jurisdictional collaboration.” Public-private partnerships help drive scale and impact, through intelligence sharing, coordination and execution of operations, investigations, civil action, and criminal referrals.

How can you take steps to protect your company and help reduce cybercrime today? Microsoft’s DCU highlights five simple ways for companies to mitigate risk and help reduce cybercrime:

  1. Rapidly apply patches: Especially for Internet facing clients and servers.
  2. Mitigate credential theft: Follow SPA Roadmap to make data theft and ransomware harder.
  3. Implement multi-factor authentication: Immediately for administrators, as soon as possible for users.
  4. Proactively protect your company from phishing attacks: Through anti-phishing training programs, enabling mailbox auditing, regulatory reviewing delegate permissions, and mail-forwarding rules.
  5. Strengthen your security posture: Proactively identify and prioritize gaps in your program through incident-response exercise.

GCA thanks Joachim Rosenoegger with Microsoft’s Digital Crimes Unit for sharing his expertise on the current threat landscape and valued insight on public-private collaboration with law enforcement to build stronger strategic partnerships.


For more information about GCA’s upcoming DMARC Bootcamp, please visit https://gca.globalcyberalliance.org/bootcamp-registration.


The author, Emma Hollingsworth, is the Business Development and Partnership Assistant for the Americas at the Global Cyber Alliance. You can connect with her on LinkedIn.