300% Increase In Microsoft Cloud-based Attacks


Early in August Microsoft released the latest version of their Security Intelligence Report (SIR) covering their findings for Q1 2017 period.

The intelligence gathered for this report comes from security-related signals from the consumer, commercial “on-premise” and cloud based services that Microsoft operates globally. The report notes that every month Microsoft scan an impressive 400 billion emails for phishing and malware, process 450 billion authentications, and execute 18+ billion webpage scans.

3 key findings in the report were -

  • As more organisations migrate to the cloud, the frequency and sophistication of attacks on accounts in the cloud is increasing. There has been a 300% increase in Microsoft cloud-based attacks between Q1 2016 and Q1 2017. Account sign-in attempts from malicious IP addresses has increased by 44 percent.
  • Microsoft Azure and other cloud services are perennial targets for attackers who seek to compromise and “weaponize” virtual machines and other services, and these attacks are taking place across the globe.
  • Ransomware encounter rates vary in different parts of the world with Europe having a higher rate vs. the rest of the world in Q1-2017. For example the US had a 0.02% encounter rate whereas countries such as Italy, Spain and Hungary has rates of 0.14% each.

Whilst the findings may not be a major surprise for some the first finding was interesting. The report outlines that a large majority of the 300% increase in account compromises are the result of weak or guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services. So despite the many technological advances that exist we are still grappling to address login and password security.

Earlier this year the National Institute of Standards and Technology’s (NIST) circulated its Digital Identity draft guidelines – ref SP 800-63-3 - https://pages.nist.gov/800-63-3/.

The 4 part guideline makes a number of recommendations covering –User Enrolments and Identity Proofing Requirements, Authentication and Lifecycle Management, Federation and assertion. The 4 key recommendations in the document relating to passwords are –

  • Periodic password change requirements can be removed – based on research NIST believes this long established requirement is a burden on the user and does not improve password security.
  • Password complexity rules that used to require a mixture of upper case letters, numbers and symbols can be relaxed. Similar to the above research has shown the current requirements do not make for a better password.
  • Passwords need to be no less than 8 characters but also should be allowed to be as long as 64 characters – this would allow users to perhaps create a passphrase.
  • Check passwords against a list of commonly used, easy to guess or known compromised passwords.

Whilst adopting these suggestions should make a difference, the reality is that passwords will continue to be deemed weak and the level of attacks as highlighted in the Microsoft Security Intelligence Report, are not likely to drop off.

Proven complementary factors of authentication such as mobile or hardware OTP tokens as well as PKI based USB tokens or smart cards should be applied to help in solving this problem as the NIST guidelines highlight. Selecting proven “best of breed” technology that can provide the right level of protection to control access to cloud and on-premise based applications is a perfect starting point. Gemalto’s authentication management platforms in essence are designed to act as an organisations trusted identity provider giving authorised users permission to access applications.

To download the Gemalto Authentication Solution Brief CLICK HERE

JUST RELEASED ! – CLICK HERE to download the 2017 Breach Level Index from Gemalto

The Reality Of Data Breaches


Latest Security Problems Solved

Internet of Things More >
HTTPS – Uptake Set to Accelerate in 2017 More >
Addressing Endpoint Security Challenges More >
Securing Blurred Boundaries More >
Our Solutions
Security Solutions

We work with leaders in the fields of data protection, authentication and perimeter security to protect your organisation and manage any threats with the most effective security systems. More >

Technical Services

MPA New Zealand Ltd provides a range of technical services to compliment the vendor technology our company brings to the local market. More >