Microsoft Azure Cybersecurity Attacks Spiked 300 Percent in Q1 2017


Cybersecurity attacks on Microsoft Azure-based user accounts spiked an eye-popping 300 percent in Q1 2017 compared to the same time last year, the company said in the latest edition of its Security Intelligence Report (SIR).

Heading the list of vulnerabilities are all the usual suspects: weak, guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services.

The SIR, which Microsoft has previously produced 21 times (48 authors and nine contributors had input to this edition), is newly segmented by cloud and endpoint cybersecurity data. The vendor reasons that a more “holistic” approach will best benefit the largest number of enterprises, most of which work in hybrid environments.

Here are six additional top-level findings from the report:

  • As organizations increasingly migrate to the cloud, the frequency and sophistication of attacks on consumer and enterprise accounts in the cloud are growing.
  • The number of account sign-ins attempted from malicious IP addresses increased 44 percent year-over-year in Q1 2017.

Weaponizing Azure?

Cloud services are prime targets for attackers “seeking to compromise and weaponize virtual machines and other services,” Microsoft said. “In a cloud weaponization threat scenario, an attacker establishes a foothold within a cloud infrastructure by compromising and taking control of one or more virtual machines.” The attacker then launches attacks, including brute force and spam campaigns, against other virtual machines.

  • More than 89 percent of the malicious IP addresses contacted by compromised Azure virtual machines in Q1 2017 were located in China, followed by the U.S. at 4.2 percent.
  • More than two-thirds of incoming attacks on Azure services in Q1 2017 came from IP addresses in China (35 percent) and the U.S. (33 percent). Korea was third at three percent. Attacks sprang from another 116 countries and regions but in smaller numbers.
  • Ransomware encounter rates in Q1 were highest in Europe compared to the rest of the world. For example, encounter rates in the Czech Republic (0.17 percent), Italy (0.14 percent), Hungary (0.14 percent), Spain (0.14 percent), Romania (0.13 percent), Croatia (0.13 percent) and Greece (0.12 percent) were higher than the worldwide average in March 2017.
  • Ransomware encounter rates were the lowest in Japan (0.012 percent in March 2017), China (0.014 percent) and the U.S. (0.02 percent).

A few notes about the report itself:

  • The cloud threat intelligence section covers compromised accounts and password safety, cloud service weaponization and drive-by download sites.
  • A section on endpoint threat intelligence includes encounter rates, threat categories, threat families, exploits, ransomware, security software use, phishing sites and malware hosting sites.
  • In the current report, Microsoft compiled data from the period January 2017 – March 2017, departing from its usual schedule of producing an update every six months. The vendor said it intends to deliver more frequent updates in the future, although it did not commit to quarterly reports.
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.