The number of attacks on cloud-based accounts has increased by 300%, according to Microsoft’s Security and Intelligence report.
It claimed that consumer and enterprise Microsoft accounts are a tempting target for attackers, and the frequency and sophistication of attacks on cloud-based accounts are accelerating. “The Identity Security and Protection team has seen a 300% increase in user accounts attacked over the past year,” it said, claiming that a large majority of these compromises are the result of weak, guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services.
Elsewhere, the number of Microsoft account sign-ins attempted from malicious IP addresses increased by 44% in Q1 of 2017 in comparison to Q1 of 2016. “Security policy based on risk-based conditional access, including comparing the requesting device’s IP address to a set of known ‘trusted IP addresses’ or ‘trusted devices’, may help reduce risk of credential abuse and misuse,” the report advised.
Oliver Pinson-Roxburgh, EMEA director at Alert Logic, said: “There are a number of sophisticated attacks that rely on new detection capabilities most organizations do not have today and they are increasing as organizations get better at security best practices.”
In its recent Cloud Security report for 2017, Alert Logic claimed that it saw close to 37% more incidents in on-premise data centers, leaving each public cloud deployment to withstand, on average, just over 400 incidents in the 18-month period covered by the report. “Even lower incident rates do not necessarily translate to lower risk—especially when, as is increasingly more common, businesses rely on the public cloud to handle their highest-value assets,” he said.
James Clegg, VP EMEA at FireMon, said: “Attacks on cloud providers are the easy way into hybrid cloud enterprises who are struggling with the complexity of controlling security across all domains and security vendors. Just relying on the encryption from your SD-WAN vendor does not assure the journey.”
Source: infosecurity-magazine.com