Attcks on M365 Credentials | Smart Thinking Solutions

It still works, set up a lot of devices to just try their luck to break into as many M365 accounts as possible – it will work sometimes. In this case over 100,000 devices have been hijacked to create a botnet that also side steps MFA security using an outdated authentication protocol.

Botnet targets Basic Auth in Microsoft 365 password spray attacks

Your Takeaway

I think the one thing you should think about when threat actors are trying to brute force your organisation’s Microsoft 365 environment – even if you have MFA enabled, see MFA – A Primer – is “Does anyone in your team reuse passwords, which may have been compromised?”

Many people do and many such password/user combinations are available out there on the Dark Web – here is the proof:

Have I Been Pwned adds 284M accounts stolen by infostealer malware

Next Step

Check and get help.

Cyber Security Awareness Training – Why?

Clive Catton MSc (Cyber Security) – by-line and other articles

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Your Takeaway

Next Step

Further Reading