Many of my cyber security investigations have involve the compromise of Microsoft 365 credentials. These are a valuable commodity for threat actors, as a carelessly managed set of credentials may give them the keys to raid your information.
The latest attack on M365 credentials, in the tech news, is a brute force attack that involves the illegitimate use of some high speed computing tools and is having a reported 10% success rate.
Hackers use FastHTTP in new high-speed Microsoft 365 password attacks
But our organisation enforces MFA!
Now the hackers may get lucky and brute force a poor password, which you have not protected by multi-factor authentication (MFA).
However the even with MFA protection, did your Cyber Security Awareness Training include explaining to your people what “MFA Fatigue” is? Ours does. This is probably where the threat actors are getting their 10% success rate from.
Will you be in the 10%?
Clive Catton MSc (Cyber Security) – by-line and other articles
