Microsoft: Security Threats Are Growing, But Companies Still Ignore Strong Authentication


Almost all compromised Microsoft accounts lack multi-factor authentication, but few companies enable it when it’s available, Microsoft says.

In its new ‘Cyber Signals’ report, the tech giant says only 22% of customers using its Azure Active Directory (AAD) cloud identity platform had implemented ‘strong identity authentication’ as of December 2021, which includes multi-factor authentication (MFA) and passwordless solutions like the Microsoft Authenticator app.

MFA is one of the best defenses against phishing attacks because logging into an Office 365 account with a compromised password requires the attacker to also have physical access to a second factor, such as the account owner’s smartphone.

99% of compromised Microsoft accounts lacked MFA

As pointed out by Microsoft, if you have multi-factor authentication enabled, you are almost guaranteed to be protected. Last year, the tech giant revealed that 99% of compromised Microsoft accounts lacked this security feature.

Among the potential technical obstacles, some organizations still have Office 365 “basic authentication” enabled, and it does not support MFA. “Modern authentication”, by contrast, allows MFA to be activated. Microsoft will also remove basic authentication by default in October 2022; this should have happened last year but was postponed due to the pandemic and the introduction of teleworking.

25.6 billion brute force attacks and 35.7 billion phishing emails

The “Cyber Signals” report also highlights the scale of attacks against account credentials. Microsoft says it blocked tens of billions of phishing attempts and password guessing attacks, including password spraying, last year. These attacks were notably carried out by state-sponsored cyberattackers, such as Nobelium, the group responsible for the attack on SolarWinds.

“Between January 2021 and December 2021, we blocked more than 25.6 billion Azure AD brute-force authentication attacks, and intercepted 35.7 billion phishing emails with Microsoft Defender for Office 365,” notes Vasu Jakkal, corporate vice president, security, compliance and identity, in a blog post.

However, it is clear that some phishing emails and attacks still manage to get through, which means that the 78% of AAD customers who do not have strong authentication are exposed to breaches, which is the case for almost no MFA-enabled customers.

The “Cyber Signals” report presents an overview of these threats in 2021, as well as an overview of the context in which cyberattackers employ these techniques. As the report states, “Ransomware thrives on default or compromised credentials.”

Source: ZDNet.com




