Nearly All Compromised Accounts Did Not Use MFA

During the recent RSA cybersecurity conference, Microsoft engineers said that 99.9 percent of the compromised accounts they’ve tracked don’t use multi-factor authentication (MFA). In most cases, the account hacks happen through simplistic attacks, which MFA is typically effective against. The primary sources of most hacks of Microsoft accounts was password spraying, when an attacker picks a common and easy-to-guess password, and goes through a long list of usernames until they get a hit and can access an account using said password. The second source of account hacks, Microsoft said, was password replays, a technique that involves an attacker taking credentials leaked at another company and then trying the same credentials on a Microsoft account, hoping the user reused usernames and passwords. Additionally, Microsoft noted that of the highly-sensitive accounts they monitor (those for enterprise use), only 11 percent had MFA enabled. Microsoft and other cybersecurity companies has been telling organizations and users alike to enable an MFA solution since last year, claiming that using an MFA solution – whatever it may be – blocks the vast majority of attacks. During last month’s WaterISAC Cyber Threat Briefing, Perch Security Vice President of Strategy Mike Riggs highly encouraged attendees to enable MFA. Read the article at ZDNet.