Microsoft has revealed that the frequency and sophistication of attacks on it users’ cloud-based accounts are “accelerating.” There has been a 300% increase in user accounts attacked over the past year, according to the tech giant’s Identity Security and Protection team.
“A large majority of these compromises are the result of weak, guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services,” said Microsoft in its “Security and Intelligence” report.
The number of Microsoft account sign-ins attempted from malicious IP addresses increased by 44% during the first quarter this year from the same period in 2016.
When grouped by region, more than two-thirds of incoming attacks on Azure cloud services during the first quarter this year came from IP addresses in China (35.1%) and the US (32.5%). South Korea was third at 3.1%, followed by 116 other countries and regions.
Search and compare product listings for Cyber Insurance from specialty market providers here
“In a cloud weaponization threat scenario, an attacker establishes a foothold within a cloud infrastructure by compromising and taking control of one or more virtual machine,” said the report.
“The attacker can then use these virtual machines to launch attacks, including brute force attacks against other virtual machines, spam campaigns that can be used for email phishing attacks, reconnaissance such as port scanning to identify new attack targets, and other malicious activities,” it added.
It said security policy based on risk-based conditional access, including comparing the requesting device’s IP address to a set of known “trusted IP addresses” or “trusted devices,” may help reduce the risk of credential abuse and misuse.
Microsoft also warned that hackers can be “sophisticated and skilled” at mimicking real users, making the task of safeguarding accounts a constantly evolving challenge.