It still works: set up a lot of devices to try their luck at breaking into as many M365 accounts as possible, and some of the attempts will succeed. In this case over 100,000 devices have been hijacked to create a botnet that also sidesteps MFA security by using an outdated authentication protocol.
Botnet targets Basic Auth in Microsoft 365 password spray attacks
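As an added, defender-side illustration of the pattern in the story above (not code from this post or from the linked article), here is a small detector that flags the signature of a Basic Auth password spray in sign-in records: one source address trying many distinct accounts over a legacy protocol within a short window. The record layout, the field values and the sample entries are constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Client app values that Entra ID sign-in logs show for legacy (Basic Auth) protocols;
# modern-auth sign-ins show as "Browser" or "Mobile Apps and Desktop clients".
LEGACY_CLIENT_APPS = {"Authenticated SMTP", "IMAP4", "POP3", "Exchange ActiveSync",
                      "Exchange Web Services", "MAPI Over HTTP", "Other clients"}

# Constructed sample records, not real log data. The tuple layout
# (timestamp, user, source IP, client app, result) is an assumption for this example.
SAMPLE_SIGN_INS = [
    ("2025-02-24T02:00:05", "alice@example.com", "203.0.113.5", "IMAP4", "failure"),
    ("2025-02-24T02:00:09", "bob@example.com", "203.0.113.5", "IMAP4", "failure"),
    ("2025-02-24T02:00:14", "carol@example.com", "203.0.113.5", "IMAP4", "failure"),
    ("2025-02-24T02:00:20", "dave@example.com", "203.0.113.5", "IMAP4", "failure"),
    ("2025-02-24T02:00:26", "erin@example.com", "203.0.113.5", "IMAP4", "success"),
    # one user mistyping a password from the office: noise, not a spray
    ("2025-02-24T09:10:00", "frank@example.com", "198.51.100.7", "Browser", "failure"),
    ("2025-02-24T09:10:30", "frank@example.com", "198.51.100.7", "Browser", "failure"),
    ("2025-02-24T09:11:00", "frank@example.com", "198.51.100.7", "Browser", "success"),
]

def detect_legacy_auth_spray(records, window=timedelta(minutes=10), min_users=4):
    """Flag source IPs that tried legacy-auth sign-ins for >= `min_users` distinct accounts
    inside any `window`; distinct users per IP (not failures per user) is what separates a
    spray from brute force on one account. Returns {ip: {"users": set, "successes": set}}."""
    by_ip = defaultdict(list)
    for ts, user, ip, client_app, result in records:
        if client_app in LEGACY_CLIENT_APPS:  # modern auth is subject to MFA; skip it
            by_ip[ip].append((datetime.fromisoformat(ts), user, result))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:  # shrink to fit window
                start += 1
            span = events[start:end + 1]
            users = {u for _, u, _ in span}
            if len(users) >= min_users:
                hit = findings.setdefault(ip, {"users": set(), "successes": set()})
                hit["users"] |= users
                hit["successes"] |= {u for _, u, r in span if r == "success"}
    return findings

if __name__ == "__main__":
    for ip, f in detect_legacy_auth_spray(SAMPLE_SIGN_INS).items():
        print(f"{ip}: legacy-auth spray across {len(f['users'])} accounts, "
              f"successful logins: {sorted(f['successes']) or 'none'}")
```

A successful login inside a flagged window is exactly the reused-password case the takeaway below warns about, and those accounts are the ones to reset first.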
Your Takeaway
I think the one thing you should think about when threat actors are trying to brute force your organisation’s Microsoft 365 environment – even if you have MFA enabled, see MFA – A Primer – is “Does anyone in your team reuse passwords, which may have been compromised?”
Many people do, and many such password/user combinations are available out there on the Dark Web – here is the proof:
Have I Been Pwned adds 284M accounts stolen by infostealer malware
Next Step
Check and get help.
Clive Catton MSc (Cyber Security) – by-line and other articles