The latest threat intelligence from Barracuda, a trusted partner and leading provider of cloud-focused security solutions, reveals that between June and September 2022 the top threat was successful logins to Microsoft 365 from a suspicious country, which accounted for 40% of attacks. This is followed by network communication to a known dangerous IP address (15% of attacks) and brute force user authentication attempts (10%).
Research shows attack severity has spiked: 1 in 5 attacks (96,428) reported between June and September 2022 were highly critical, compared to 1 in 80 (17,500) in January 2022. Barracuda experts analyzed 4,76,994 threat alarms from June to September, of which 20%, amounting to 96,428, resulted in an alert and a prompt to take corrective action.
Among the top threats detected, a successful login to Microsoft 365 from a suspicious country is classified as “high risk”, meaning it can cause serious damage and requires immediate action. This attack accounted for 40% of all attacks during the 90-day window. The countries that trigger an automatic security alert are Russia, China, Iran and Nigeria. A successful breach of a Microsoft 365 account gives an intruder potential access to all connected and integrated assets the target has stored on the platform. Among other things, analysts look for evidence of connections from multiple countries to the same account.
Communication to an IP address known to threat intelligence and brute-force user authentication attempts are classified as “medium risk”, which requires mitigation but would generally not result in substantial impact as a standalone event. These attacks accounted for 15% and 10% respectively. The former includes any attempt at malicious communication from a network device to a known website or command and control server, etc.; brute-force user authentication attempts are automated attacks that try to penetrate an organization’s defenses by simply running as many name/password combinations as possible.
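The two sign-in detections described above can be sketched as follows. This is an added example, not Barracuda's logic or code from the article: the record layout, the sample events, the failure threshold and the time window are all constructed assumptions, and the "review" label for multi-country accounts is a label chosen here, since the article does not give that check a risk level.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Countries the article lists as generating an automatic alert (ISO 3166 codes).
WATCHLIST = {"RU", "CN", "IR", "NG"}
# Assumed tuning values, not taken from the article.
FAIL_THRESHOLD = 5
FAIL_WINDOW = timedelta(minutes=10)

# Constructed sample sign-in records: (timestamp, account, country, succeeded).
EVENTS = [
    ("2022-08-06T02:10:00", "alice@example.com", "IN", True),
    ("2022-08-06T02:40:00", "alice@example.com", "RU", True),
    ("2022-08-06T09:00:00", "carol@example.com", "IN", True),
    ("2022-08-06T09:05:00", "dave@example.com", "IN", False),
    ("2022-08-06T15:00:00", "dave@example.com", "IN", False),
] + [(f"2022-08-06T03:0{m}:00", "bob@example.com", "IN", False) for m in range(5)]


def detect(events):
    """Return sorted (risk, rule, account) alerts for the sign-in records."""
    alerts = set()
    ok_countries = defaultdict(set)   # account -> countries with a successful login
    failures = defaultdict(list)      # account -> recent failed-login times
    for ts, user, country, ok in sorted(events):
        when = datetime.fromisoformat(ts)
        if ok:
            ok_countries[user].add(country)
            if country in WATCHLIST:
                alerts.add(("high", "login-from-watchlist-country", user))
        else:
            # Sliding window: keep only failures still inside FAIL_WINDOW.
            recent = [t for t in failures[user] if when - t <= FAIL_WINDOW]
            recent.append(when)
            failures[user] = recent
            if len(recent) >= FAIL_THRESHOLD:
                alerts.add(("medium", "brute-force-authentication", user))
    # Successful logins to one account from more than one country go to an analyst.
    for user, countries in ok_countries.items():
        if len(countries) > 1:
            alerts.add(("review", "multiple-countries-same-account", user))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```
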
“Cyber attackers target businesses and IT security teams during off-peak hours such as weekends, at night, or during holidays such as summers and festivals,” said Parag Khurana, Country Manager, Barracuda Networks India.
“Companies should reinforce essential security measures such as enabling multi-factor authentication (MFA) on all applications and systems, ensuring that all critical systems are backed up, implementing a robust security solution that includes email protection, web application firewall (WAF), and endpoint detection and response (EDR) to monitor, detect, and respond to cyber threats,” he added.