Today’s cybercriminals use a range of methods to disrupt systems, but the most tried-and-true method remains the most popular: stealing someone’s password. According to a new report, there are nearly 1,000 password-based attacks every second, a 74 percent increase compared to last year. The data comes from Microsoft’s Digital Defense Report 2022, which analyzes trillions of signals from Microsoft’s global ecosystem of products and services to reveal the scale of global cyber threats.
Access the full report at
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5bUvv?culture=en-us&country=us
The number of hacking incidents has increased significantly from the beginning of the year to date, largely due to Russia’s invasion of Ukraine in February and the resulting cyber war between countries. But hackers still prefer password-based attacks; Microsoft estimates that 921 such attacks occur every minute.
Brute force exhaustion remains a common method for gaining unauthorized access to password systems, and the computational power of NVIDIA’s RTX 4090 graphics card makes such attacks even more effective (in certain circumstances). Researchers recently demonstrated how Lovelace’s flagship graphics product could cycle through all 200 billion attempts of an eight-character password in just 48 minutes.
With many people cycling through account credentials across multiple sites and services, passwords compromised online after a massive data breach are a prime harvesting ground for hackers. a massive LinkedIn breach in 2012 is thought to have enabled hackers to access Mark Zuckerberg’s Twitter and Pinterest accounts in 2016.
Phishing attacks targeting stolen passwords remain rampant. Recently, criminals have been trying to exploit Twitter’s authentication reform by phishing for passwords to verified accounts, and even Steam users have been targeted. This increase is partly due to the enhanced phishing protection Microsoft added to the Windows 11 22H2 update.
Microsoft writes that 90 percent of hacked accounts are not protected by “strong authentication,” which refers to the single layer of protection being used and does not include multi-factor authentication (MFA). Microsoft warns that the number of accounts using MFA is low, even among administrator accounts, although these additional layers of protection do not guarantee 100% account security.
In addition to using MFA where it’s available, the usual advice applies if you want to make it difficult for hackers: avoid reusing passwords (consider a good password manager), keep your software up to date with patches, and avoid those dreaded weak passwords that are still inexplicably popular.
