Barracuda XDR Insight Reveals Threat Severity Rises During Vacation Month

The latest threat statistics from Barracuda, a trusted partner and leading provider of cloud-first security solutions, reveal that between June and September 2022 the main threats were successful Microsoft 365 logins from a suspicious country, accounting for 40% of attacks from suspicious countries, followed by connections from the network to a known dangerous IP address (15% of attacks) and attempts to brute-force user authentication (10%).

The research shows that the intensity of attacks has skyrocketed, with 1 in 5 attacks (96,428) reported as high-risk between June and September 2022, compared to 1 in 80 (17,500) in January 2022. Experts at Barracuda analyzed 4,76,994 threat alerts from June to September, of which 20% (96,428 alerts) called for corrective action.

Among the most important threats discovered, a successful login to Microsoft 365 from a suspicious country is classified as “high risk”: it is likely to cause serious damage and requires immediate action. This attack accounted for 40% of all attacks during the 90-day window. Countries that automatically trigger a security alert include Russia, China, Iran, and Nigeria. A successful Microsoft 365 account compromise gives the intruder potential access to all the connected and integrated assets that the target has stored on the platform. Among other things, analysts look for evidence of logins to the same account from multiple countries.
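The two checks described above, a successful login from a watch-listed country and logins to one account from several countries, can be sketched as follows. This is an added example, not Barracuda's detection logic; the record layout, the 24-hour window and the sample sign-in data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Countries the article names as automatically raising an alert (ISO 3166 codes).
WATCHLIST = {"RU", "CN", "IR", "NG"}
WINDOW = timedelta(hours=24)  # assumption: the article gives no time window

# Constructed sample sign-in records: (user, ISO timestamp, country, succeeded)
SAMPLE = [
    ("alice@example.com", "2022-08-13T08:02:00", "IN", True),
    ("alice@example.com", "2022-08-13T23:40:00", "RU", True),
    ("bob@example.com",   "2022-08-14T01:15:00", "CN", False),
    ("carol@example.com", "2022-08-14T09:00:00", "IN", True),
    ("carol@example.com", "2022-08-14T11:30:00", "DE", True),
    ("dave@example.com",  "2022-08-10T09:00:00", "IN", True),
    ("dave@example.com",  "2022-08-20T09:00:00", "GB", True),
]

def flag_signins(events, watchlist=WATCHLIST, window=WINDOW):
    """Return sorted (user, reason, detail) alerts for successful sign-ins."""
    alerts = set()
    by_user = defaultdict(list)
    for user, ts, country, ok in events:
        if not ok:
            continue  # only successful logins are in scope for these two checks
        when = datetime.fromisoformat(ts)
        if country in watchlist:
            alerts.add((user, "suspicious_country", country))
        by_user[user].append((when, country))
    for user, logins in by_user.items():
        logins.sort()
        for i, (start, _) in enumerate(logins):
            # Countries seen for this account within `window` of this login
            seen = {c for t, c in logins[i:] if t - start <= window}
            if len(seen) > 1:
                alerts.add((user, "multi_country", ",".join(sorted(seen))))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in flag_signins(SAMPLE):
        print(alert)
```

A long run of logins from three or more countries can produce overlapping multi-country alerts for one account; deduplicating per user is left to the consumer.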

Connections to an IP address known to threat intelligence and brute-force attempts at user authentication are categorized as “medium risk”, which requires mitigation but will not normally result in significant impact as a standalone event. These attacks accounted for 15% and 10% respectively. The former covers any malicious attempt to connect from a device within the network to a known website or C&C server, etc.; the latter are automated attacks that attempt to breach the organization’s defenses simply by running the largest possible number of name/password combinations.

“Cyber attackers target businesses and IT security teams during off hours such as weekends, overnight, or during the holiday season, such as summer and festivals,” said Parag Khurana, Country Director, Barracuda Networks India.

“Businesses should strengthen essential security measures such as enabling multi-factor authentication (MFA) across all applications and systems, ensuring all critical systems are backed up, and implementing a robust security solution that includes email protection, Web Application Firewall (WAF), and endpoint detection and response (EDR) in order to monitor, detect and respond to cyber threats.”