Monday, December 5, 2022

Microsoft: passwords, always a tempting target for attackers

Almost a thousand attempts to crack passwords reportedly take place every second. And the attackers are more determined than ever, with the number of such attacks increasing. These figures come from Microsoft’s Digital Defense Report 2022, a summary of the analysis of billions of alerts and signals collected across the Redmond giant’s ecosystem of products and services.

Strongly increasing

According to this report, account passwords remain the primary target for hackers. Microsoft estimates that the volume of password attacks is around 921 attempts per second, which represents a 74% increase in one year.

To crack a password, attackers use brute force against simple, common passwords: a list of such passwords is tested straight away. They also use credential stuffing, a technique that tests previously leaked usernames and passwords on new platforms. Finally, malicious hackers rely on phishing to trick their victims and obtain their credentials.

Authentication not strong enough

Microsoft notes that 90% of hacked accounts are not protected by strong authentication, which would have required additional verification. Also according to the company, the number of accounts protected by multi-factor authentication remains low, even for administrator accounts, with fewer than one in three accounts protected by an additional layer of authentication.

Many critical accounts are thus vulnerable to attackers. Stealing a password then enables other malicious activities, such as stealing sensitive data, deploying malware, ransomware attacks, etc.

“Many cyberattacks are successful simply because basic hygiene has not been followed,” Microsoft said. The company encourages organizations and users to enforce minimum standards to help protect accounts. This basic digital hygiene would protect against 98% of attacks.

Basic digital hygiene

It is therefore recommended to protect accounts with multi-factor authentication, although this method is not foolproof. It is also recommended to adopt “Zero trust”, an information security model that denies access to applications and data by default. This makes full access to systems more difficult, even when a hacker has already compromised an account.

Software, applications and operating systems must also be kept up to date with the latest security patches to prevent attackers from exploiting known vulnerabilities to gain access to networks.

And if you suspect that your password has been hacked, you should change it immediately. You can use a password manager to ensure that each of your accounts is secured with a strong and unique password.

Source: “ZDNet.com”


