Security News > 2022 > February > Microsoft blocked billions of brute-force and phishing attacks last year

Office 365 and Azure Active Directory customers were the targets of billions of phishing emails and brute force attacks successfully blocked last year by Microsoft.
"From January 2021 through December 2021, we've blocked more than 25.6 billion Azure AD brute force authentication attacks and intercepted 35.7 billion phishing emails with Microsoft Defender for Office 365," said Vasu Jakkal, Microsoft's Corporate Vice President for Security, Compliance, and Identity.
Multi-factor authentication and passwordless authentication would make it a lot harder for threat actors to brute force their way into their targets' Microsoft accounts, Jakkal added.
Even though attackers have been steadily increasing their breach attempts throughout the last two years, Microsoft is yet to see the vast majority of its customer base interested in adopting strong identity authentication, including passwordless auth and MFA. "For example, our research shows that across industries, only 22 percent of customers using Microsoft Azure Active Directory, Microsoft's Cloud Identity Solution, have implemented strong identity authentication protection as of December 2021," Jakkal said.
Just last week, Microsoft warned of an active multi-stage phishing campaign leveraging Azure AD to register rogue devices onto targets' networks to distribute phishing emails.
Microsoft and Google provide simple-to-follow guides on how to secure your accounts, with Microsoft offering a support page on the five steps to secure your identity and Google a blog post on the five things to do to stay safe online.
News URL
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)