According to cyber experts, threat groups are making nearly 1,000 attempts to hack account passwords every single second, and they are more determined to succeed, with the number of attacks increasing. This analysis comes from Microsoft's Digital Defense Report 2022 and is based on research of trillions of alerts and signals collected from the company's worldwide ecosystem of products and services.
The report cautions that cyber-attacks are increasing, with account passwords still very much the main target of hackers, particularly as many accounts are vulnerable because they lack any additional layers of protection beyond the password itself. The report goes on to say that the volume of password-based attacks has risen to an estimated 921 attacks every second, a 74% increase in just one year for what is the primary method through which accounts are compromised.
Attacks against passwords include brute force attacks attempting to crack simple or common passwords, attackers attempting to use leaked usernames and passwords to access other accounts owned by the victim, and phishing attacks designed to dupe victims into handing over their login credentials. The report suggests that 90% of accounts that get hacked are not protected by 'strong authentication', meaning that the vast majority of breached accounts have only one layer of protection rather than an additional layer of multi-factor authentication (MFA) for added verification.
The number of accounts protected by MFA remains too low, even for administrator accounts, with under one in three protected with an additional layer of authentication, although the number of accounts protected in this way is slowly rising. While there has been an increase in accounts with additional layers of protection, many remain vulnerable to attackers who can exploit compromised accounts to conduct harmful activity, including stealing sensitive data, conducting business email compromise attacks, deploying malware, launching ransomware attacks, and more. "Many cyberattacks are successful simply because basic security hygiene has not been followed," said Microsoft. The company urges organizations and users to apply minimum standards to help protect accounts, as even basic security hygiene still protects against 98% of attacks. This includes protecting accounts with MFA, so that if a password is hacked, the attacker will struggle to access the account without the user being made aware that something is wrong, although even MFA is not infallible.
Cyber security professionals recommended that zero-trust cyber security principles be applied across networks and devices, so that it is difficult for an attacker to gain full access to systems with a single login using a compromised account. Software, applications and operating systems should also be kept up to date with the latest security patches in order to prevent cyber attackers from exploiting known vulnerabilities to access and hide malicious activity on networks. If you suspect that your password has been hacked, you should change it immediately and consider using a password manager to help ensure each of your accounts is secured with a password that is both strong and unique, to help protect your data from hackers.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or email@example.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings