Slashdot Mirror
Microsoft Sees Over 10 Million Cyberattacks Per Day On Its Online Infrastructure (softpedia.com)
An anonymous reader writes: Microsoft's user identity management systems, made up by Microsoft Account (formerly Live ID, for home users) and Azure Active Directory (for its cloud/corporate services), see over 13 billion user logins per day, with 1.3 billion for AAD. The company says that over 10 million (per day) of these login attempts are cyber-attacks, which the company is able to detect. This information comes via Microsoft's most recent Security Intelligence Report, which also reveals details about a new cyber-espionage group named Platinum and that hackers are still using the same vulnerability (CVE-2010-2568) even today, which was used in the Stuxnet attacks. According to Pew Research Center, there's an increasingly growing fear among Americans about cyberattacks. In fact, it's the second most feared entity to them, the first being ISIS.
Cyberattacks are not an entity. They are a threat, but not an entity. An entity might be a state that sponsors those attacks, North Korea, for example.
Yay for meaningless numbers to paint redmond (owner of your computer) a stout guardian against the seas of evil bogeymen.
But the numbers are still meaningless, and the convenient labels of badness are just as empty.
>> The company says that over 10 million (per day) of these login attempts are cyber-attacks, which the company is able to detect. ...meanwhile the many successful and/or undetected attempts are conveniently presumed to be zero.
Well obviously, if they weren't collecting all that data they wouldn't be so lucrative targets. Collect or store nothing and your not really very attractive as a source of attack. If you just have static webpages then all you can do is block them. The minute you start to log user private data, passwords and content that is available to some customers the minute your worth rises and you become a worthwhile mark.
And they are terrified by terrorism. That explains why governments are deeply, maliciously and actively involved in both: terrifying people.
I wonder if Microsoft considers whether a machine being force-upgraded to Windows 10 is an attack.
Their customer base surely does.
Fear helps to keep military spending a high priority. Now that Windows 10 is free, perhaps fear will encourage spending on MS cyber security.
Or better yet, perhaps spending on their secure cloud service, which would not be free, but always up to date, and "idiot proof".
Hmm.... An interesting marketing approach sure to gain traction with a fearful, if not technically incompetent population.
Did counter overflow again?
Better add the US to the list you are cutting off as they are one of the top 3.
You're a fool if you think I believe the comment at the end about moderation will actually influence the moderation. Of course it won't. Instead, it's preemptively accusing people of avoiding the question in order to get more replies.
I've also posted plenty of stuff with that subject that hasn't been trollish. My comments about the Bayh-Dole Act were sincere. I do believe Microsoft is trying to cripple Windows 7 and 8.1 to force people to Windows 10. I really do support banning tobacco. If your apartment was always full of cigarette smoke from your neighbors and it causes you respiratory problems, you'd probably come to hate tobacco, too. I hate tobacco with a passion. I also really do question the relevance of six inductees to some random video game hall of fame. But yes, I've also done some trolling.
Slashdot is pretty broken. Most of the comments are already garbage. Moderation is horribly broken because it doesn't do a good job of separating the gems from the crap. At least mod up the good comments consistently! There's a horrible anti-American bias; people generally mod down nationalistic American comments, but bigoted comments from Europeans are often left alone or even modded up. The lameness filter is being used as a censorship tool.
I'm done with this trolling. I've made my point.
I see a password attack every 3 seconds on my server. I guess the attacker runs say 10 of these simultaneously to 10 different servers.
24 hours * 60 minutes * 20 per minute * 10 in parallel = 300k/day
So that would make Microsoft the victim of about 30-40 script kiddies?
Believe it or not, some of us work with guys in those countries, buy stuff off them, and so on. Have you ever been more than 5 miles from where you born?
You cannot cut off Russia, China, Indonesia etc, because everyone would have to agree on that. It won't make sense if the USA does it while Germany doesn't. Criminals will just hire servers in Germany and continue.
Also, as others have pointed out. Russia, China Indonesia are large economic powers on their own. Cutting them off will hurt millions of people.
Thirdly, it will only stop a part of the attacks. Friendly countries, including USA, also have criminals.
What you might probably want is some more restrictions on the anonymity off those who can connect to the internet. One serious issue is that an anonymous person can hire a server and claim to be, for instance, faceb00k.com. Both server and domain registration cannot be traced back to that person (if done well).
However, attacking this problem means putting restrictions on anonymous internet, which is a thing not well liked by some communities.
Those are more interesting by far as the byproducts are only visible after a while ...
I think M$ won't ever tell us about them!
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
That CVE is specific for XP and Server 2003. It's still going to work until people remove those machines.
You get modded down for being a dumb fuck and not realising the largest source of attacks is the US.
hey mods! mod this +3.14 GRODDIE!
This is news? Any computer with a direct connection to the internet get thousands of "cyber-attacks" every day, mostly from automated script-kiddy tools. It has been this way for at least the past 20 years.
I seriously doubt his mother allows him out. Takes a special kind of idiocy that is usually only present in kids to understand so little about the internet and where attacks come from yet think he has a good idea that must be voiced to fix the problem.
Cyberattacks is an entity?
Slashdot is pretty broken. Most of the comments are already garbage.
agreed, sadly though people like you are the root cause of the garbage. Would have taken you all of 10 seconds to do a search and work out what a dumb fucking idea it is that you posted.
Better add the US to the list you are cutting off as they are one of the top 3.
Yep. It's like drugs. People say "why do we trade with those countries" and then it turns out that the USA is one of the world's largest drug producers, drug consumers, and drug traffickers! That is to say, we are one of the countries that imports the most drugs specifically for export. And even the CIA admits it, it's in the world fact book.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
my SASSHOLE
Pretty sure it does in this case.
And thanks to the cloud all i have to do is pwn your single hotmail/live ID and i have EVERYTHING you have, docs, images, mail, remote wipe, ALL OF IT including control of your PC, you haven't lost control of just email but now the whole box and its contents :-D .
from a single compromised login.
thanks Microsoft
1. How many more attacks are they not able to detect?
2. How many undetected attacks are successful?
3. How do you think it's still a good idea to centralize identity management for everyone into a single point ripe for the picking?
4. What do you suppose will happen WHEN there is a breach?
how can one be sympathetic to their plight when one knows these millions of attacks are carried out by millions of compromised windows machines. they have pretty much created the whip on their backs.
10 million people who didn't realize you could access anyone's office 365 and outlook accounts without a password at all.
They must have started counting their own windows 10 installers..
Non sequitur: Your facts are uncoordinated.
More scary than hackers or ISIS: the IRS. You do not want to get audited, those are the people who took down Al Capone.
"First they came for the slanderers and i said nothing."
m$ does run Linux. It actually uses Linux a lot on its azure platform.
Of course that includes people logging onto microsoft dot com using Linux.
Good. Fuck 'em! Can't wait to read about the inevitable bankruptcy and destruction of that wretched goddamned fucking company.
The icing on top of that cake would be the conviction and sentencing to decades of prison time, of all the assholes who have been responsible for all the evil those motherfuckers have perpetrated over the course of the company's existence.
I wonder, philosophically, if that includes all their shareholders. Should they be counted as responsible parties too?
Correction: should be "and would personally"
Table-ized A.I.
10 million attacks per day... alright so then you've got to be out of your mind to use Azure or any Microsoft service.
Must be a slow day for them, then!
Gentlemen, arm your tinfoil hats!