The Great Battle for Identity
Securing online identities will be one of the biggest challenges in 2022, both for businesses, public organizations and citizens, according to Microsoft’s latest “Cyber Signals” report. In December 2021 alone, the company experienced 83 million attacks targeting corporate customers. In the case of up to 78 percent. Of those, the victims did not use strong enough authentication methods.
The Cyber Signals Report is based on the latest data and research from Microsoft on cybersecurity. The company’s experts analyzed 24 trillion signals about online threats, along with information from more than 40 state-backed and 140 other groups. The digital giant’s experts have no doubts – one of the biggest challenges in 2022 will be securing the identity of Internet users. Email addresses and passwords used in various online applications and services are at risk. Identity is currently one of the most valuable “passes” for cybercriminals, used to hack networks, steal credentials, and impersonate employees and consumers in the digital world.
Only in 2021, Microsoft discovered and banned:
• More than 35.7 billion phishing and other malicious emails targeting business and consumer customers;
Check also:
• More than 25.6 billion attempts to take control of corporate customer accounts through a brute force attack, which consists in cracking passwords and encryption keys by checking all possible combinations;
• More than 9.6 billion malware threats target corporate and consumer devices.
State-linked entities are the most active criminal groups targeting identity theft. One such example is NOBELIUM, a Russia-linked cybercriminal group that specializes in credential-cracking. They attack the accounts of the IT service providers, and gain access to their customers’ data. Another example is the DEV-0343 group associated with Iran. The activity of the DEV-0343 is observed in defense companies that manufacture military radar, UAV technology, satellite systems and emergency communications systems. The activities of the criminals are directed to the ports of the Persian Gulf and companies that deal with shipping and cargo transportation, and their activities are located in the Middle East.
Incident analysis shows that despite the growing number of threats in the past two years, only 22% of companies using Azure Active Directory (services for managing identity and access to corporate resources) decided to introduce stronger methods of identity protection, such as – factor authentication (MFA) or non-factor authentication (MFA) solutions. A password can greatly prevent dangerous intrusions into the corporate network.
“It is important to understand the importance of the threat and to use strong authentication methods. It is not only about securing businesses, but also our personal data, devices, identities and target platforms. At Microsoft, we believe that security is a team game, and by sharing the knowledge we have gained we can make the world safer “. Krzysztof Malesa, National Security Officer at Microsoft Polska.
