Security

Microsoft cloud cybersecurity attacks up 300% in last year, report says

In volume 22 of Microsoft's Security Intelligence Report, the Redmond giant outlined some of the biggest cyberthreats facing its users.

Microsoft cloud user accounts saw a 300% increase in cyberattacks over the past year, according to volume 22 of the Microsoft Security Intelligence Report, released Thursday. The report, announced in a blog post, focused primarily on cloud and endpoint data.

Why such a big increase?

"A large majority of these compromises are the result of weak, guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services," the report said.

SEE: Defending against cyberwar: How the cybersecurity elite are working to prevent a digital apocalypse (free PDF)

Another year-over-year increase cited in the report was that of account sign-ins attempted from malicious IP addresses. According to the post, that number jumped by 44% from Q1 2016 to Q1 2017.

So, where did these attacks originate? According to the post, more than two-thirds of the incoming attacks on Azure came from IP addresses tied to the US and China. Of the attacks, 32.5% came from the US and 35.1% came from China. Korea came in a distant third place, representing only 3.1% of the attacks. The remainder of attacks comprised some 116 other countries and regions.

"Cloud services such as Microsoft Azure are perennial targets for attackers seeking to compromise and weaponize virtual machines and other services, and these attacks are taking place across the globe," the post said.

The rise of ransomware was also documented in the report, but it noted that the trend itself has been felt in different degrees based on geographic location. The highest ransomware rates were in Europe, with the Czech Republic representing 0.17% of all attacks, while Italy, Hungary, and Spain all came in at 0.14%, the report noted.

The lowest ransomware encounter rates occurred in Japan (0.012%), China (0.014%), and the US (0.02%), according to the report.

"Microsoft recommends that victims of ransomware infections not pay the so- called fine," the report said. "Ransomware is distributed by malicious attackers, not legitimate authorities, and paying the ransom is no guarantee that the attacker will restore the affected computer to a usable state."

In terms of malicious software, trojans were the most commonly encountered form, dwarfing worms, malware, ransomware, and other exploits, the report found. The Win32/Xadupi led the trojan encounters and was also the most commonly encountered malicious software family.

The 3 big takeaways for TechRepublic readers

  1. Cloud-based Microsoft accounts saw a 300% increase in cyberattacks form Q1 2016 to Q1 2017, according to volume 22 of the Microsoft Security Intelligence Report.
  2. Account sign-ins attempted from malicious IP addresses also rose by 44% in that same time period.
  3. Ransomware was distributed differently by geography, with Europe seeing the highest infection rates and the US, China, and Japan seeing the lowest.

Also see

cloudsec.jpg
Image: iStockphoto/maxkabakov

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.

Editor's Picks

Free Newsletters, In your Inbox