It stands to reason that Microsoft would be a big target for threat actors. Aside from the obvious hacker cred someone could gain from stealing source code or releasing corporate secrets, Azure hosts thousands of businesses and a compromise of that platform would be catastrophic for many companies. The most recently released Microsoft Security Intelligence Report points to an increasingly dangerous online world.
The full report [PDF, 61 pages] shows that Microsoft is now fighting off four times as many attacks as last year. Attempted sign-ins from known malicious IP addresses are up 44%. Communications with malicious addresses count for just over half of all attacks with 23% of attacks being based on brute force attacks and almost one in five attacks being email based.
In terms of where the attacks originate, more than two-thirds of incoming attacks on Azure services in 1Q17 came from IP addresses in China (35.1%) and the United States (32.5%).
Unsurprisingly, quite a bit of Microsoft’s advice for protecting yourself from the attacks they identify involves investing in and deploying other Microsoft technologies. In other words, there’s a bit of marketing-speak in the report. And the data in the report seems to be consistent with what I read in reports from other vendors and from independent analysts.
One of the pieces of advice put forward by Microsoft was around avoiding password re-use. While we all know this can be a source of vulnerability, it’s interesting that Microsoft Research has a slightly different view in some situations.