Bekker's Blog

Microsoft Cloud a 'Tempting Target' for Attacks

A new Microsoft security report released this week quantifies a longstanding concern about big cloud services, namely that hyperscale clouds appeal to attackers like banks attract robbers.

After all, the Microsofts, Amazon Web Services and Googles of the world are increasingly where the users and data are. The bet by customers and the industry on big clouds is that in the arms race between attackers and defenders, the risks of putting all the data under only a few vendors' control can be outweighed by the high-quality people and processes the hyperscale vendors will be able to afford.

The latest data points on the question come from the Microsoft Security Intelligence Report (SIR) released on Thursday. Version 22 of the somewhat sporadic report has an increased focus on cloud, and Microsoft comes right out and admits the obvious point that its cloud makes an appealing target.

"Consumer and Enterprise Microsoft accounts are a tempting target for attackers, and the frequency and sophistication of attacks on cloud-based accounts are accelerating," Microsoft's report states.

Just how attractive is made clear in the report, which relies on telemetry data from various Microsoft products and services, such as its monthly scanning of 400 billion e-mails for phishing and malware, processing of 450 billion authentications, and executing of more than 18 billion Web page checks.

Figure: Outbound attacks detected by the Azure Security Center in Q1 of 2017. (Source: Microsoft)

"The Identity Security and Protection team has seen a 300 percent increase in user accounts attacked over the past year," the report notes in language indicating that it is referring to successful attacks.

No matter how effective Microsoft's defenses are, the report contends that enterprise and end user security practices need to improve. "A large majority of these compromises are the result of weak, guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services," the report states.

Attacks are flooding in from bad sectors of the Internet. "The number of Microsoft account sign-ins attempted from malicious IP addresses has increased by 44 percent from 1Q16 to 1Q17," according to the report.

The report does not break out specific numbers, only percentages. It also doesn't quantify how many successful attacks and unsuccessful attempts were aimed at business versus consumer accounts in the Microsoft cloud.

In addition to targeting the digital assets or identities of targeted accounts, a portion of the attacks involve something Microsoft has referred to in previous editions of its SIR as "cloud service weaponization." That involves attackers compromising accounts in order to take over Azure-based virtual machines, which can then be redirected to other nefarious purposes, similar in concept to botnets.

According to Microsoft Azure Security Center data cited in the report, the three most common types of outbound attack traffic that compromised Azure-based virtual machines attempt to send are communications with malicious IPs, RDP brute force and spam.

On the other side of the ledger, Microsoft's report details various Microsoft products and services that can help customers and end users combat attackers, such as Windows Hello for Business, Credential Guard, Microsoft Azure Active Directory Identity Protection and Azure Multi-Factor Authentication.

Posted by Scott Bekker on August 18, 2017

