Microsoft warns of increased targeting of cloud accounts
Microsoft's Discovery and Response Team (DART) has seen an increase in password attacks against high-level cloud accounts and high-level identities such as executives.
This method is a brute force attack where the attacker tries to access a large list of accounts with a small number of frequently used passwords.
These attacks usually use the same password when switching from one account to another. The aim is to find accounts that are easy to compromise while evading preventative measures such as password lockout and malicious IP blocking (when using bots).
This strategy reduces the likelihood of triggering account lockouts, which is what happens in typical brute force attacks that quickly try to log into a small number of accounts by running through a large list of passwords.
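The difference described above (a few common passwords tried across many accounts, commonly called password spraying, versus many passwords against a few accounts) is visible in the shape of failed sign-ins. The following is an added example, not code from Microsoft or DART: it classifies sources in constructed sign-in records, and the record layout, thresholds and function names are assumptions. It also covers the botnet case, where guesses are spread across source addresses.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

T0 = datetime(2021, 1, 1, 9, 0)  # arbitrary start time for the constructed data
# Constructed sign-in records (time, source IP, account, outcome); documentation IP ranges.
SPRAY = [(T0 + timedelta(seconds=20 * i), "203.0.113.7", f"user{i:02d}@example.com", "fail")
         for i in range(12)]                      # 12 accounts, one guess each
BRUTE = [(T0 + timedelta(seconds=2 * i), "198.51.100.9", "admin@example.com", "fail")
         for i in range(40)]                      # one account, 40 guesses
TYPO = [(T0, "192.0.2.15", "alice@example.com", "fail"),
        (T0 + timedelta(minutes=1), "192.0.2.15", "alice@example.com", "ok")]
BOTS = [(T0 + timedelta(seconds=30 * i), f"192.0.2.{100 + i}", f"user{i:02d}@example.com", "fail")
        for i in range(12)]                       # same spray, one bot per guess


def classify_sources(events, window=timedelta(minutes=30),
                     min_accounts=10, max_per_account=3, lockout=10):
    """Label each source IP by the shape of its failed sign-ins in a sliding window."""
    fails = defaultdict(list)
    for ts, ip, user, outcome in sorted(events):
        if outcome == "fail":
            fails[ip].append((ts, user))
    verdicts = {}
    for ip, rows in fails.items():
        verdict, start = "benign", 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1
            per_user = Counter(user for _, user in rows[start:end + 1])
            # Spray: many accounts, each kept under the (assumed) lockout threshold.
            if sum(n <= max_per_account for n in per_user.values()) >= min_accounts:
                verdict = "spray"
                break
            # Classic brute force: one account hammered up to the lockout threshold.
            if max(per_user.values()) >= lockout:
                verdict = "brute_force"
        verdicts[ip] = verdict
    return verdicts


def tenant_wide(events, **thresholds):
    """Same test with the source IP ignored, for guesses spread across many bots."""
    merged = [(ts, "*", user, outcome) for ts, _, user, outcome in events]
    return classify_sources(merged, **thresholds).get("*", "benign")


if __name__ == "__main__":
    print(classify_sources(SPRAY + BRUTE + TYPO))
    print(tenant_wide(BOTS))
```

Per-source counting alone labels every address in `BOTS` as benign, which is why the tenant-wide pass matters when IP blocking is being evaded.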
"Over the past year, we've seen a slight increase in the use of this method," the DART team said. We've recently seen a slight increase in the number of cloud administrator accounts affected by such attacks. Hence, the purpose must be understood.
DART recommends activating and enforcing multi-factor authentication on all accounts as much as possible and introducing passwordless technology to significantly reduce the risk of account theft in the event of such attacks.
Well-known managers and clients increasingly targeted
As Microsoft revealed a year ago, these attacks are among the most common authentication attacks, accounting for more than a third of corporate account compromises.
DART observed a large number of administrator accounts with different permissions being targeted in recent attacks of this kind.
The most popular targets range from Security and Exchange Administrators, SharePoint General and Conditional Access Administrators, Helpdesk, Billing, User, and Authentication to SharePoint admin accounts.
The attackers also attempted to break into the identities of well-known people (including executives) or identities with access to sensitive data.
DART adds: It's easy to make policy exceptions for CEOs. But these are the most targeted accounts. Make sure to apply protection to avoid gaps in the settings.
In July, the US National Security Agency announced that the Russian hacking organization Fancy Bear used this method to launch attacks against the United States and foreign organizations, including the US government and agencies.
Microsoft also said earlier this month that it had discovered that Iran's DEV-0343 and Russia-sponsored Nobelium were using this method to target defense technology companies and hosting or cloud service providers.