Microsoft successfully blocked billions of phishing emails and brute force attacks that targeted Office 365 and Azure Active Directory customers in 2021.
“From January 2021 through December 2021, we’ve blocked more than 25.6 billion Azure AD brute force authentication attacks and intercepted 35.7 billion phishing emails with Microsoft Defender for Office 365,” said Vasu Jakkal, Microsoft’s Corporate Vice President for Security, Compliance, and Identity.
Multi-factor authentication (MFA) and passwordless authentication would make it a lot harder for threat actors to brute-force their way into customers’ Microsoft accounts, Jakkal added.
While attackers have steadily increased their breach attempts over the last two years, most of Microsoft’s customer base has yet to show interest in adopting strong identity authentication, including passwordless authentication and MFA.
“For example, our research shows that across industries, only 22% of customers using Microsoft Azure Active Directory (Azure AD), Microsoft’s Cloud Identity Solution, have implemented strong identity authentication protection as of December 2021,” Jakkal said.
“MFA and passwordless solutions can go a long way in preventing a variety of threats and we’re committed to educating customers on solutions such as these to better protect themselves.”
Last week, Microsoft warned of an active multi-stage phishing campaign using Azure AD to register rogue devices onto targets’ networks to send phishing emails. According to reports, the attack was blocked on networks where an MFA policy was already implemented in Azure AD.
Both Microsoft and Google provide simple-to-follow guides to help users secure their accounts from cyberattacks. Microsoft offers a support page on the five steps for customers looking to secure their identities, while Google has a blog post on the five things to do to stay safe online.