300% Increase In Microsoft Cloud-based Attacks

 

Early in August, Microsoft released the latest version of its Security Intelligence Report (SIR), covering its findings for the Q1 2017 period.

The intelligence gathered for this report comes from security-related signals from the consumer, commercial “on-premise” and cloud-based services that Microsoft operates globally. The report notes that every month Microsoft scans an impressive 400 billion emails for phishing and malware, processes 450 billion authentications, and executes 18+ billion webpage scans.

Three key findings in the report were:

  • As more organisations migrate to the cloud, the frequency and sophistication of attacks on accounts in the cloud are increasing. There has been a 300% increase in Microsoft cloud-based attacks between Q1 2016 and Q1 2017. Account sign-in attempts from malicious IP addresses have increased by 44 percent.
  • Microsoft Azure and other cloud services are perennial targets for attackers who seek to compromise and “weaponize” virtual machines and other services, and these attacks are taking place across the globe.
  • Ransomware encounter rates vary in different parts of the world, with Europe having a higher rate than the rest of the world in Q1 2017. For example, the US had a 0.02% encounter rate, whereas countries such as Italy, Spain and Hungary had rates of 0.14% each.

Whilst the findings may not be a major surprise for some, the first finding was interesting. The report outlines that a large majority of the 300% increase in account compromises is the result of weak or guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services. So despite the many technological advances that exist, we are still grappling with login and password security.

Earlier this year the National Institute of Standards and Technology (NIST) circulated its draft Digital Identity Guidelines, SP 800-63-3: https://pages.nist.gov/800-63-3/.

The 4-part guideline makes a number of recommendations covering User Enrolments and Identity Proofing Requirements, Authentication and Lifecycle Management, and Federation and Assertion. The 4 key recommendations in the document relating to passwords are:

  • Periodic password change requirements can be removed – based on research NIST believes this long established requirement is a burden on the user and does not improve password security.
  • Password complexity rules that used to require a mixture of upper case letters, numbers and symbols can be relaxed. As with the above, research has shown the current requirements do not make for a better password.
  • Passwords need to be no less than 8 characters but also should be allowed to be as long as 64 characters – this would allow users to perhaps create a passphrase.
  • Check passwords against a list of commonly used, easy to guess or known compromised passwords.
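
The four recommendations above, expressed as a password acceptance check. This is an added example, not code from NIST or the Microsoft report; the blocklist is a constructed sample, and applying NFKC normalisation and case-folding before the blocklist lookup is an assumption of this example.

```python
import unicodedata

MIN_LENGTH = 8     # minimum length from the article
MAX_LENGTH = 64    # the article's upper figure; may be raised, not lowered

# Constructed sample blocklist. A real deployment would load a large list of
# commonly used and known-compromised passwords instead.
SAMPLE_BLOCKLIST = frozenset({
    "password", "12345678", "qwertyuiop", "letmein123", "iloveyou1",
})


def canonical(password):
    """Fold Unicode look-alikes and case so blocklist matching is not
    defeated by trivial variants (NFKC + casefold is this example's choice)."""
    return unicodedata.normalize("NFKC", password).casefold()


def check_password(password, blocklist=SAMPLE_BLOCKLIST):
    """Return a list of rejection reasons; an empty list means accepted.

    Deliberately absent: composition rules (upper case, digit, symbol) and
    any expiry check, matching the first two recommendations.
    """
    reasons = []
    # Count characters (code points) after normalisation, not bytes, so a
    # passphrase in any script is measured the same way.
    length = len(unicodedata.normalize("NFKC", password))
    if length < MIN_LENGTH:
        reasons.append("too_short")
    elif length > MAX_LENGTH:
        reasons.append("too_long")
    if canonical(password) in blocklist:
        reasons.append("blocklisted")
    return reasons


if __name__ == "__main__":
    for candidate in ("short", "PASSWORD", "correct horse battery staple"):
        print(repr(candidate), check_password(candidate) or "accepted")
```

An all-lowercase passphrase passes with no composition rule, while a case or full-width variant of a blocklisted password is still rejected.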

Whilst adopting these suggestions should make a difference, the reality is that passwords will continue to be deemed weak, and the level of attacks highlighted in the Microsoft Security Intelligence Report is not likely to drop off.

Proven complementary factors of authentication, such as mobile or hardware OTP tokens as well as PKI-based USB tokens or smart cards, should be applied to help solve this problem, as the NIST guidelines highlight. Selecting proven “best of breed” technology that can provide the right level of protection to control access to cloud and on-premise applications is a perfect starting point. Gemalto’s authentication management platforms are, in essence, designed to act as an organisation’s trusted identity provider, giving authorised users permission to access applications.


Bruce Armstrong -
Consultant 

Bruce has a background in sales and marketing and has spent many years in IT in both Wellington and Auckland. He has worked for the large multi-nationals Microsoft and HP, and in more recent times has focused on information security solutions and products, and cloud infrastructure and delivery. Based in Wellington Bruce manages sales in the Wellington and Southern regions for MPA.  

Bruce has an ability to work with partners to get the best outcome in complex IT problems, and work through options and issues. With a love of all things technology and a dislike of techno-babble, Bruce is a great guy to talk to about your security and IT plans and projects.
