At the RSA Security Conference last week, Microsoft engineers said that 99.9% of the compromised accounts they track each month did not have multi-factor authentication (MFA) enabled, a control that stops most automated account attacks. According to Microsoft, it tracks more than 30 billion logins every day and more than 1 billion monthly active users. On average, about 0.5% of accounts are compromised each month; in January 2020 that amounted to approximately 1.2 million accounts.
Corporate accounts fare worse. Microsoft says that as of January 2020, only 11 percent of these highly sensitive accounts had a multi-factor authentication (MFA) solution enabled.
The primary cause of compromised Microsoft accounts is password spraying: the attacker picks a common, easy-to-guess password and tries it against a long list of accounts one by one, then moves on to a second password, and so on.
The second main attack is password replay, in which a set of credentials leaked from one breach is used to attempt logins on another platform; any user who reuses the same username and password across platforms is exposed.
Lee Walker, Microsoft’s identity and security architect, points out that 60 percent of users reuse passwords; his advice is not to mix them, and in particular to keep enterprise and non-enterprise account credentials distinct.
Both of these attacks typically target legacy authentication protocols such as SMTP, IMAP and POP, mainly because these protocols cannot carry an MFA challenge and are therefore an easy way around it.
Walker reminds organizations still using legacy authentication protocols that they should disable them immediately. According to Microsoft, the account-compromise rate for tenants that have disabled legacy authentication has fallen by 67%.
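As an added illustration of the two attack patterns and of why legacy protocols matter to defenders, here is a small detector written for this article (example code, not Microsoft's). It scans authentication events for the password-spray signature (one source failing against many distinct accounts in a short window, unlike a brute-force run against a single user), flags any successful sign-in from a spraying source, and lists successful sign-ins over the legacy protocols named above, since those sessions never received an MFA challenge. The log format, field names, thresholds and sample lines are all constructed assumptions.

```python
"""Password-spray and legacy-protocol sign-in detection over authentication logs.

Added example; not Microsoft's code. The log layout
(timestamp user source_ip protocol result), the thresholds and the
sample lines below are constructed for this demonstration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Protocols the article names as unable to carry an MFA challenge.
LEGACY_PROTOCOLS = {"SMTP", "IMAP", "POP", "POP3"}

# Constructed sample log: one spraying source (203.0.113.7) hitting six
# accounts over IMAP with one guess each, one user mistyping their own
# password twice over the web sign-in page, and one plain SMTP login.
SAMPLE_LOG = """\
2020-01-15T08:00:01Z alice@example.com 203.0.113.7 IMAP FAILURE
2020-01-15T08:00:02Z bob@example.com 203.0.113.7 IMAP FAILURE
2020-01-15T08:00:03Z carol@example.com 203.0.113.7 IMAP FAILURE
2020-01-15T08:00:04Z dave@example.com 203.0.113.7 IMAP FAILURE
2020-01-15T08:00:05Z erin@example.com 203.0.113.7 IMAP FAILURE
2020-01-15T08:00:06Z frank@example.com 203.0.113.7 IMAP SUCCESS
2020-01-15T08:05:00Z alice@example.com 198.51.100.9 WEB FAILURE
2020-01-15T08:05:20Z alice@example.com 198.51.100.9 WEB FAILURE
2020-01-15T08:06:00Z alice@example.com 198.51.100.9 WEB SUCCESS
2020-01-15T09:00:00Z grace@example.com 192.0.2.44 SMTP SUCCESS
"""


def parse_log(text):
    """Parse whitespace-separated event lines into dicts with a datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, proto, result = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "ip": ip, "proto": proto, "result": result,
        })
    return events


def detect_password_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Return one alert per source IP whose failures span >= min_accounts
    distinct users inside any sliding window of the given length."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "FAILURE":
            failures[e["ip"]].append(e)
    alerts = []
    for ip, fails in failures.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            users = {e["user"] for e in fails[start:end + 1]}
            if len(users) >= min_accounts:
                alerts.append({"ip": ip, "accounts": len(users),
                               "attempts": end - start + 1})
                break  # one alert per source is enough for triage
    return alerts


def successes_from_spray_sources(events, alerts):
    """Accounts that a spraying source subsequently signed into: the
    likely compromises, and the first candidates for a password reset."""
    spray_ips = {a["ip"] for a in alerts}
    return sorted({e["user"] for e in events
                   if e["ip"] in spray_ips and e["result"] == "SUCCESS"})


def legacy_protocol_signins(events):
    """Successful sign-ins over protocols that bypass MFA entirely."""
    return sorted((e["user"], e["proto"]) for e in events
                  if e["proto"] in LEGACY_PROTOCOLS and e["result"] == "SUCCESS")


def analyse(text):
    """Run all three checks and return a summary dict."""
    events = parse_log(text)
    alerts = detect_password_spray(events)
    return {
        "spray_alerts": alerts,
        "compromised": successes_from_spray_sources(events, alerts),
        "legacy_signins": legacy_protocol_signins(events),
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Alice's two failures followed by a success from a single address against a single account are not flagged: the spray signature is breadth across accounts, not depth against one. Frank's account is reported because the spraying source succeeded against it, and both frank and grace appear in the legacy list because an IMAP or SMTP success carried no MFA step, which is exactly why the article's advice is to block these protocols rather than rely on MFA alone.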
In addition, Microsoft recommends that every organization prioritize enabling MFA for user accounts “to prevent 99.9% of accounts from being hacked.”