Ninety-nine percent of global cyber attacks could have been prevented by basic security protection, most importantly multi-factor authentication (MFA) according to Microsoft.
In its annual Digital Defense report, the technology company has said espionage has been the driving force behind global cyber attacks over the past year. The report tracks cyber trends in the year up to June 2023.
Microsoft said a recent study based on real-world attack data from Microsoft Entra found MFA alone reduces the risk of compromise by 99.2%.
“There is one crucial point we must emphasise across them all: the vast majority of successful cyber attacks could be thwarted by implementing a few fundamental security hygiene practices. By adhering to these minimum-security standards, it is possible to protect against over 99% of attacks.”
In a blog accompanying the report, Microsoft corporate vice president customer security and trust Tom Burt said attackers are issuing thousands of MFA requests every day to break the resolve of users.
“Threat actors are taking advantage of ‘MFA fatigue’ to bombard users with MFA notifications in the hope they will finally accept and provide access. Microsoft has observed approximately 6,000 MFA fatigue attempts per day over the past year,” Mr Burt said.
At the same time, Microsoft logged a ten-fold surge in password-based attacks against cloud identities to 30bn per month in the first quarter of 2023. There was an average of 4,000 password attacks per second targeting Microsoft cloud identities this year.
Microsoft said along with MFA, the companies and organisations should also apply zero trust principles to limit the impact of an attack, use extended detection and response and anti-malware, keep systems up to date, apply patches and protect data.
Microsoft further said hyperscale cloud makes it easier to implement basic security measures, with cloud service providers taking responsibility for patch management for software-as-a-service platforms.
It said that the main driver behind cyber attacks is geopolitical, to spread propaganda or for espionage, in particular from Russian intelligence agencies as part of their war against Ukraine. M