99.9% of hacked Microsoft enterprise accounts didn’t enable MFA

More than 99.9 percent of Microsoft enterprise accounts that are targeted by cybercriminals did not use multi-factor authentication (MFA), according to an article in WeLiveSecurity, an IT security blog published by the ESET team. The article was compiled from a presentation by Alex Weinert, Microsoft’s Director of Identity Security, delivered at the RSA 2020 security conference in San Francisco in late February 2020.

According to the presentation, only 11 percent of Microsoft enterprise accounts had MFA enabled, and on average 0.5 percent of all accounts were breached every month. In January 2020, for instance, that amounted to more than 1.2 million accounts.

“If you have an organization of 10,000 users, 50 of them are going to be compromised this month,” said Weinert.

The break-ins were facilitated by two factors. The first was the absence of MFA in applications that use legacy email protocols which cannot carry a second factor, such as SMTP, IMAP and POP. The second was people’s poor password hygiene, specifically their penchant for extremely simple passwords and for reusing their passwords across multiple accounts, both company and private.

Around 480,000 compromised accounts, which represents some 40 percent of the total, fell victim to password spraying. Using this automated method, attackers test some of the most commonly used passwords to see if they work for breaking into large numbers of other accounts.

And work they do, with Weinert noting that password spraying attacks opened the door to 1 percent of the accounts against which they were deployed in January. On average, attackers would try around 15 passwords.

Roughly the same number of accounts fell victim to password replay attacks, also known as breach replay attacks. In these cases, the attackers leverage lists of credentials spilled in data incidents and try out the same login combinations at other services.

Almost all password spraying and password replay attacks took aim at common legacy authentication protocols – 99.7 percent and 97 percent, respectively. The probability of a compromise surged to 7.2 percent if SMTP was enabled, to 4.3 percent for IMAP, and to 1.6 percent for POP.
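The two patterns described above can be spotted in sign-in telemetry. The following is an added example, not code from the article, ESET or Microsoft: it parses a constructed, simplified sign-in log (the column layout is an assumption, not the real Azure AD sign-in schema), flags source addresses whose failed attempts are spread across many accounts with only a few tries each (the shape of a spray), lists attempts over the MFA-incapable legacy protocols named above, and reports successful sign-ins from a flagged source as likely compromises.

```python
"""Detect password-spray and legacy-protocol sign-in patterns.

Added example, not code from the article, ESET or Microsoft. The record
format 'timestamp,user,source_ip,protocol,result' is a constructed
simplification; a real deployment would read the tenant's sign-in logs.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Protocols named in the article that cannot carry a second factor.
LEGACY_PROTOCOLS = {"SMTP", "IMAP", "POP"}


@dataclass(frozen=True)
class SignIn:
    when: datetime
    user: str
    source_ip: str
    protocol: str
    success: bool


def parse_signins(text: str) -> list[SignIn]:
    """Parse the constructed 'timestamp,user,ip,protocol,result' lines."""
    events = []
    for line in text.strip().splitlines():
        if not line or line.startswith("#"):
            continue
        ts, user, ip, proto, result = (f.strip() for f in line.split(","))
        events.append(SignIn(datetime.fromisoformat(ts), user, ip,
                             proto.upper(), result == "success"))
    return events


def detect_password_spray(events, min_accounts=5,
                          max_attempts_per_account=3.0,
                          window=timedelta(hours=1)) -> dict[str, list[str]]:
    """Return {source_ip: [users]} for sources whose failures within one
    window touch many distinct accounts with few attempts per account.
    A lockout-style brute force (many tries, one account) is not flagged."""
    failures = defaultdict(list)
    for e in events:
        if not e.success:
            failures[e.source_ip].append(e)
    flagged: dict[str, set] = {}
    for ip, fails in failures.items():
        fails.sort(key=lambda e: e.when)
        j = 0
        for i in range(len(fails)):  # sliding window over sorted failures
            while j < len(fails) and fails[j].when - fails[i].when <= window:
                j += 1
            users = {e.user for e in fails[i:j]}
            if (len(users) >= min_accounts
                    and (j - i) / len(users) <= max_attempts_per_account):
                flagged.setdefault(ip, set()).update(users)
    return {ip: sorted(users) for ip, users in flagged.items()}


def legacy_protocol_signins(events) -> list[SignIn]:
    """All attempts, successful or not, over MFA-incapable protocols."""
    return [e for e in events if e.protocol in LEGACY_PROTOCOLS]


def likely_compromises(events, flagged) -> list[SignIn]:
    """Successful sign-ins from a source already flagged as spraying."""
    return [e for e in events if e.success and e.source_ip in flagged]


# Constructed sample data: a spray over SMTP that lands on one account,
# a user mistyping her own password, and an ordinary IMAP sign-in.
SAMPLE_LOG = """
# timestamp,user,source_ip,protocol,result
2020-01-15T08:00:01,alice@example.com,203.0.113.7,SMTP,failure
2020-01-15T08:00:09,bob@example.com,203.0.113.7,SMTP,failure
2020-01-15T08:00:17,carol@example.com,203.0.113.7,SMTP,failure
2020-01-15T08:00:25,dave@example.com,203.0.113.7,SMTP,failure
2020-01-15T08:00:33,erin@example.com,203.0.113.7,SMTP,failure
2020-01-15T08:00:41,frank@example.com,203.0.113.7,SMTP,failure
2020-01-15T08:00:49,frank@example.com,203.0.113.7,SMTP,success
2020-01-15T08:05:00,grace@example.com,198.51.100.5,BROWSER,failure
2020-01-15T08:05:20,grace@example.com,198.51.100.5,BROWSER,failure
2020-01-15T08:05:40,grace@example.com,198.51.100.5,BROWSER,failure
2020-01-15T08:06:00,grace@example.com,198.51.100.5,BROWSER,success
2020-01-15T09:00:00,heidi@example.com,192.0.2.44,IMAP,success
"""

if __name__ == "__main__":
    evs = parse_signins(SAMPLE_LOG)
    spray = detect_password_spray(evs)
    print("spraying sources:", spray)
    print("legacy-protocol attempts:", len(legacy_protocol_signins(evs)))
    for e in likely_compromises(evs, spray):
        print("likely compromise:", e.user, "via", e.protocol, "from", e.source_ip)
```

The thresholds (five accounts per hour, at most three tries per account) are starting points to tune against a tenant's normal traffic; the key signal is the ratio of distinct accounts to attempts, which separates a spray from a single user fumbling a password.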

To remedy the situation, there are some relatively easy fixes to implement. These include choosing strong and unique passphrases, enabling MFA (also commonly known as two-factor authentication), and disabling legacy protocols. According to Microsoft, the latter measure reduces the likelihood of an account takeover by two thirds.
