Attacks on M365 Credentials

It still works: set up a lot of devices to try their luck at breaking into as many M365 accounts as possible, and it will work sometimes. In this case over 100,000 devices have been hijacked to create a botnet that also sidesteps MFA security using an outdated authentication protocol.

Botnet targets Basic Auth in Microsoft 365 password spray attacks
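One way to look for this activity in your own sign-in logs, shown as an added example that is not part of the original article or the linked report. The record layout is modelled on Entra ID sign-in log fields (`clientAppUsed`, `status.errorCode`); the sample events, the threshold and the function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# clientAppUsed values that indicate Basic Auth / legacy protocols
LEGACY_CLIENTS = {"Exchange ActiveSync", "IMAP4", "POP3",
                  "Authenticated SMTP", "Other clients"}
BAD_PASSWORD = 50126  # Entra ID error code: invalid username or password

def is_legacy(event):
    return event["clientAppUsed"] in LEGACY_CLIENTS

def spray_windows(events, min_users=3):
    """Bucket failed legacy-auth sign-ins by hour and return the hours in which
    at least min_users distinct accounts were tried. Grouping is by time, not
    by source IP, because a botnet spreads its attempts over many addresses."""
    buckets = defaultdict(lambda: {"users": set(), "ips": set()})
    for e in events:
        if is_legacy(e) and e["status"]["errorCode"] == BAD_PASSWORD:
            hour = datetime.fromisoformat(e["createdDateTime"]).strftime("%Y-%m-%dT%H:00")
            buckets[hour]["users"].add(e["userPrincipalName"].lower())
            buckets[hour]["ips"].add(e["ipAddress"])
    return {h: {"users": len(b["users"]), "ips": len(b["ips"])}
            for h, b in buckets.items() if len(b["users"]) >= min_users}

def legacy_successes(events):
    """Accounts with a successful legacy-auth sign-in: the password was correct
    and the protocol cannot present an MFA challenge, so review each one."""
    return sorted({e["userPrincipalName"].lower() for e in events
                   if is_legacy(e) and e["status"]["errorCode"] == 0})

def _ev(ts, user, ip, app, code):  # builds one constructed sample record
    return {"createdDateTime": ts, "userPrincipalName": user, "ipAddress": ip,
            "clientAppUsed": app, "status": {"errorCode": code}}

# Constructed sample data (documentation IP ranges, example.com accounts)
SAMPLE = [
    _ev("2025-01-10T02:01:10+00:00", "alice@example.com", "192.0.2.10", "Other clients", 50126),
    _ev("2025-01-10T02:07:42+00:00", "bob@example.com", "198.51.100.23", "Other clients", 50126),
    _ev("2025-01-10T02:15:03+00:00", "carol@example.com", "203.0.113.5", "Authenticated SMTP", 50126),
    _ev("2025-01-10T02:31:55+00:00", "dave@example.com", "198.51.100.77", "Other clients", 0),
    _ev("2025-01-10T02:40:19+00:00", "Alice@example.com", "203.0.113.9", "IMAP4", 50126),
    _ev("2025-01-10T09:12:00+00:00", "erin@example.com", "192.0.2.50", "Browser", 50126),
    _ev("2025-01-10T11:05:30+00:00", "bob@example.com", "192.0.2.60", "POP3", 50126),
]

if __name__ == "__main__":
    print(spray_windows(SAMPLE))
    print(legacy_successes(SAMPLE))
```

Any account returned by `legacy_successes` that you do not recognise as a known legacy client should have its password reset and its sessions revoked, and legacy authentication blocked for it.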

Your Takeaway

I think the one thing you should think about when threat actors are trying to brute force your organisation’s Microsoft 365 environment, even if you have MFA enabled (see MFA – A Primer), is “Does anyone in your team reuse passwords, which may have been compromised?”

Many people do, and many such password/user combinations are available out there on the Dark Web – here is the proof:

Have I Been Pwned adds 284M accounts stolen by infostealer malware

Next Step

Check and get help.

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading