Password hacking attacks are on the rise. Here’s how to stop your accounts from being stolen

Image: Getty/MoMo Productions

Cyber crooks are making almost 1,000 attempts to hack account passwords every single second – and they’re more determined that ever, with the number of attacks on the rise.

The figures come from Microsoft’s Digital Defense Report 2022 and are based on analysis of trillions of alerts and signals collected from the company’s worldwide ecosystem of products and services.  

It warns that cyber attacks are on the rise, with account passwords still very much the main target of hackers – particularly as many accounts are still vulnerable because they lack any additional layers of protection beyond the password itself to help keep them secure. 

According to Microsoft, the volume of password-based attacks has risen to an estimated 921 attacks every second – representing a 74% increase in just one year for what’s the primary method by which accounts are compromised. 

Attacks against passwords include brute force attacks attempting to crack simple or common passwords, attackers attempting to use leaked usernames and passwords to access other accounts owned by the victim and phishing attacks designed to dupe victims into handing over their login credentials. 

The report suggests that 90 percent of accounts which get hacked aren’t protected by ‘strong authentication’ – meaning that the vast majority of accounts which get breached only have one layer of protection as opposed to having an additional layer of multi-factor authentication (MFA) for added verification. 

But according to figures from Microsoft, the number of accounts protected by MFA remains low, even for administrator accounts, with under one in three protected with an additional layer of authentication – although the number of accounts protected in this way is slowly rising. 

Also: A security researcher easily found my passwords and more: How my digital footprints left me surprisingly over-exposed

Nonetheless, while there’s been an increase in accounts with additional layers of protection, many remain vulnerable to attackers who can exploit compromised accounts to conduct harmful activity including stealing sensitive data, conducting business email compromise attacks, deploying malware, launching ransomware attacks and more.

“Many cyberattacks are successful simply because basic security hygiene has not been followed,” said Microsoft – and the company urges organizations and users to apply minimum standards to help protect accounts as even basic security hygiene still protects against 98% of attacks.    

This includes protecting accounts with multi-factor attention, so if a password is hacked, the attacker will struggle to access the account without the user being made aware that something is wrong – although even MFA isn’t infallible. 

It’s also recommended that zero trust cybersecurity principals are applied across networks and devices, so it’s difficult for an attacker to gain full access systems with a single login using a compromised account. 

Software, applications and operating systems should also be kept up to date with the latest security patches in order to prevent cyber attackers from exploiting known vulnerabilities to access and hide malicious activity on networks. 

And in the event of suspecting that your password has been hacked, you should change it immediately – and could consider using a password manager to help ensure each of your accounts is secured with a password that’s both strong and unique to help protect them from hackers. 

MORE ON CYBERSECURITY

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.