Microsoft revealed that Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions of phishing emails and brute force attacks last year.
The IT giant added has blocked more than 25.6 billion Azure AD brute force authentication attacks and detected 35.7 billion phishing emails with Microsoft Defender for Office 365 in 2021.
Enabling multi-factor authentication (MFA) and passwordless authentication would allow customers to protect their accounts from brute force attacks. However, only 22 percent of customers using Microsoft Azure Active Directory (Azure AD), Microsoft’s Cloud Identity Solution, have implemented a strong identity authentication protection as of December 2021.
“MFA and passwordless solutions can go a long way in preventing a variety of threats and we’re committed to educating customers on solutions such as these to better protect themselves. From January 2021 through December 2021, we’ve blocked more than 25.6 billion Azure AD brute force authentication attacks and intercepted 35.7 billion phishing emails with Microsoft Defender for Office 365.” states Microsoft.
Microsoft added that its Defender for Endpoint blocked more than 9.6 billion malware threats
targeting enterprise and consumer customer devices, between January and December 2021.
Microsoft pointed out that online threats are increasing in volume, velocity, and level of sophistication. The company introduced Cyber Signals, a cyber threat intelligence brief informed by the latest Microsoft threat data and research.
Cyber Signals provide trend analysis and practical guidance to strengthen the defense of its customers.
“With Cyber Signals, we’ll share trends, tactics, and strategies threat actors use to gain access to the hardware and software that houses one’s most sensitive data. We will also help inform the world on how, collectively, we can protect our most precious digital resources and our digital lives so we can build a safer world together.” concludes Microsoft.
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, phishing attacks)