Security News > 2022 > February > Microsoft blocked billions of brute-force and phishing attacks last year

Office 365 and Azure Active Directory customers were the targets of billions of phishing emails and brute force attacks successfully blocked last year by Microsoft.
"From January 2021 through December 2021, we've blocked more than 25.6 billion Azure AD brute force authentication attacks and intercepted 35.7 billion phishing emails with Microsoft Defender for Office 365," said Vasu Jakkal, Microsoft's Corporate Vice President for Security, Compliance, and Identity.
Multi-factor authentication and passwordless authentication would make it a lot harder for threat actors to brute force their way into their targets' Microsoft accounts, Jakkal added.
Even though attackers have been steadily increasing their breach attempts throughout the last two years, Microsoft is yet to see the vast majority of its customer base interested in adopting strong identity authentication, including passwordless auth and MFA. "For example, our research shows that across industries, only 22 percent of customers using Microsoft Azure Active Directory, Microsoft's Cloud Identity Solution, have implemented strong identity authentication protection as of December 2021," Jakkal said.
Just last week, Microsoft warned of an active multi-stage phishing campaign leveraging Azure AD to register rogue devices onto targets' networks to distribute phishing emails.
Microsoft and Google provide simple-to-follow guides on how to secure your accounts, with Microsoft offering a support page on the five steps to secure your identity and Google a blog post on the five things to do to stay safe online.
News URL
Related news
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- Microsoft’s new AI agents take on phishing, patching, alert fatigue (source)
- After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)