Microsoft: Multifactor adoption remains low
More than three-quarters (78%) of organizations with Microsoft Active Directory (AD) currently do not employ multifactor authentication (MFA) for their user accounts, new telemetry from Microsoft’s Azure Active Directory service shows.
The data, published in Microsoft’s new quarterly “Cyber Signals” report, also includes an eye-popping stat about the volume of identity attack attempts: In 2021, Azure Active Directory detected and blocked over 25.6 billion attempts to brute-force user accounts.
“We see, every second, about 580 to 600 password attacks [attempted],” said Microsoft CISO Bret Arsenault in an interview with Dark Reading. “So that means there are about 18 billion every year.”
Multifactor authentication, Arsenault noted, is a key defense to protect organizations from cyberattacks, especially ransomware, but adoption has been slow. He added that “99.9% of breaches would be prevented if you just implemented MFA.”
“When we look at these systems and we see that not everyone has implemented MFA, I think that’s one of those things that’s most amazing to me is how long it takes those entities to go get [MFA deployed],” he said.
A new study by Okta found that attackers target Microsoft 365 accounts that are not MFA-protected at a rate 10 times or more higher than accounts that don’t use so-called legacy authentication, or the traditional single-factor password method.
“The conclusion we should draw is that attackers are predominantly targeting Office 365 via legacy protocols,” says Brett Winterford, senior director for cybersecurity strategy at Okta. “Why go to the trouble of trying to bypass MFA when there are accounts that only require a username and password?”
AD servers themselves have become a juicy target for cybercriminals. Take ransomware attacks, which feed off stolen credentials that are then used to fan out to encrypt multiple machines in a victim organization.
“Domain controllers [such as AD] are the primary target of ransomware actors. From this one server, the attacker can discover and access every device on the network and very quickly bring an organization to a grinding halt,” Winterford says. “We’re routinely reading reports of ransomware groups moving from a single compromised account to domain admin in a mere matter of hours.”
To read the complete article, visit Dark Reading.