Microsoft presented the results of another Microsoft Security Intelligence Report study, during which, from January to March 2019, more than 3 billion credentials from various sources, including public databases, were verified.
The aim of the study was to search for compromised credentials in Microsoft systems. The results of the study showed that in more than 44 million cases, users set the same password for Azure AD and Microsoft services.
If one such login-password pair falls into the hands of attackers, then in 30% of cases a partially changed password (for example, one with a sequence number added) can be guessed for other accounts in no more than ten attempts, which can be used for attacks on cloud services, DDoS attacks, phishing emails or cryptocurrency mining.
According to a similar 2018 study by the Virginia Polytechnic University, 52% of 30 million users neglected security rules and used the same or a partially changed password. In 2019, the number of such users decreased, but the numbers are still impressive.
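A password-change check that rejects the "same or partially changed password" pattern, as an added example that is not taken from Microsoft's report. The function names, the stem rule (strip leading and trailing digits and symbols, ignore case) and the sample passwords are assumptions constructed for illustration.

```python
import hashlib
import re

# Leading/trailing digits and symbols are what a "sequence number" edit changes.
_AFFIX = re.compile(r"^[\d\W_]+|[\d\W_]+$")


def base_form(password: str) -> str:
    """Reduce a password to the stem that survives a trivial edit."""
    lowered = password.casefold()
    # Fall back to the whole string when nothing but digits/symbols remains.
    return _AFFIX.sub("", lowered) or lowered


def _digest(text: str) -> str:
    # The index holds digests of stems so it does not carry plaintext.
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def build_breach_index(breached_passwords):
    """Index known-exposed passwords by the digest of their stem."""
    return {_digest(base_form(p)) for p in breached_passwords}


def check_new_password(old: str, new: str, breach_index) -> str:
    """Return 'ok' or the reason the proposed password is rejected."""
    stem = base_form(new)
    if stem == base_form(old):
        return "rejected: trivial change of previous password"
    if _digest(stem) in breach_index:
        return "rejected: variant of a breached password"
    return "ok"


if __name__ == "__main__":
    # Constructed sample data, not real breach content.
    index = build_breach_index(["Summer2018", "qwerty1", "Dragon!"])
    for old, new in [
        ("Winter#1", "Winter#2"),
        ("Winter#1", "summer2019!"),
        ("Winter#1", "correct horse battery staple"),
    ]:
        print(f"{new!r}: {check_new_password(old, new, index)}")
```

The stem rule only covers edits at the start or end of a password; substitutions in the middle need a separate similarity check.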
Types of attacks most commonly used by attackers in 2019:
- Attacks on clouds
- DDoS attacks
- Drive-by Download – Hidden Download
- Cryptocurrency mining
- Phishing attacks
- Computer hygiene
- Ransomware Attacks