Microsoft Security Intelligence Report: User account attacks up by 300%

If attacks seem to be on the rise, it’s not just because there’s more media buzz about them.

According to a report released by Microsoft on Q1 2017 statistics, attacks on user accounts are up 300%. The quarterly report has been tracking data collected from Windows operating systems for over five years.

Microsoft identified the four leading causes behind a successful hacking attempt where the user account is compromised:

  • easily guessed, weak passwords
  • poor password management
  • targeted spear phishing attacks, and
  • breach of third party services.

Microsoft broke the report down into different sections: cloud-based attacks and endpoint attacks. Each type of threat is analyzed with provided statistics so IT pros know what to expect and prepare for.

Password management solutions

Sign-in attempts from malicious IP addresses went up 44% in the past year. These cover anything from brute force attempts to more subtle targeted attempts made after another account had been compromised. The obvious fix to having weak passwords is to make stronger ones, but Microsoft suggests IT pros can do more for their organizations.

For starters, make sure users know not to use the same password across multiple sites.

This includes variations on a single password pattern, as those can be easily cracked by a computer system or guessed by a knowledgeable hacker. The report’s other suggestion is to enable multi-factor authentication (2FA) wherever possible.

Users’ office lines can be linked to their accounts so that when suspicious activity occurs or certain security parameters are met, the office line is called and an automated access code is given. Other ways 2FA can be delivered: notifications via a company-wide mobile app, or text messages to a company-issued mobile device.

If company-provided devices aren’t available, users can substitute their personal phones or email accounts. Microsoft isn’t alone in promoting 2FA as a secure method of protection either. At the most recent Black Hat conference in Las Vegas, hackers were asked which security hurdle is the hardest to clear. Wouldn’t you know, 68% said that 2FA is the biggest obstacle hackers face, though that doesn’t mean it’s 100% secure either.

As most IT pros already know, a system is only as secure as a user’s ability to keep it so. 2FA is still vulnerable to phishing attacks and adapted phishing methods.

Shaky platform

Other forms of attack don’t always have a simple solution. One example is the cloud-based attacks Microsoft covered. According to the report, 32.5% of the global cloud service attacks on Azure, Microsoft’s cloud platform, came from the United States.

Of those attacks, 4.2% resulted in the compromised device communicating with IPs located within the U.S. That’s compared to the whopping 89% that resulted in communication with IPs located in China.

Drive-by downloads are among the most common and hardest-to-prevent attacks. These occur when a user visits a legitimate site into which a hacker has injected malicious code. For their part, browsers and search engines have stepped up to scan for these threats and warn users when they visit compromised sites, but there’s little to be done when those warnings are intentionally ignored.

Make sure users know what these warnings look like, what they mean and how they should respond when they come across any online.

Latest rising threat

Ransomware is on the rise as the preferred method of attack as it doesn’t require hackers to exfiltrate any data and attempt to sell it online.

Instead, ransomware limits the ability for companies to get access to their data, switching up who the buyers are. However, Microsoft advises against paying out any ransoms for data. Instead, work around the data block by using backups and security measures to prevent future attacks.

Still, that advice didn’t stop people from paying out for the two largest media grabbers of 2017 so far: WannaCrypt and Petya. Or, as most people know them from their media darling phases, WannaCry and NotPetya.

The good news Microsoft has on both attacks is that it had already patched the vulnerability each one used to gain access to a device.

The bad news is most companies and users didn’t install that update, resulting in multiple businesses worldwide losing functionality.

NotPetya, in particular, posed a nasty threat, as it has worm capabilities. This means it can move from an infected device to other devices on the network incredibly fast – and regardless of whether the other devices are patched. In other words, it takes just one user to ignore an update to jeopardize every other device linked to the network.

The ransomware encounter rate in the U.S. was at 0.02%. That’s comparable to the most common encounter rate in the Czech Republic at 0.17%.

So why are so many systems still vulnerable to these common types of attacks?

It’s a lifestyle choice

Microsoft may have the answer we’re looking for. It’s been collecting operating system reports since Vista was still a popular OS.

Windows 7 – still a popular OS for many organizations as it claims 48.43% of the market share at the time this article was written – had 55% of systems reporting there was absolutely no security at all. No anti-virus or real-time protections were running on the device.

Microsoft addressed this in later OS launches by enabling Windows Defender by default. As a result, there was a dramatic drop in systems reporting this as the reason they’re unprotected.

But that doesn’t mean Windows 10 is 100% protected either.

Forty-seven percent of Windows 10 devices reported they were out-of-date as users declined to update, while another 32% reported their real-time monitoring had been “snoozed.”

That means, ultimately, users are voluntarily creating holes in device security by refusing to update, for whatever reason they or the business may have.