Decrypt LOL


Cybercriminals Conduct 13 Million Microsoft 365 Password Spraying Attempts


💻🔍 Cybercriminals exploit legitimate HTTP tools for Microsoft 365 account takeovers.

A recent report by Proofpoint reveals that cybercriminals are increasingly using legitimate HTTP client tools like Axios and Node Fetch to conduct account takeover (ATO) attacks on Microsoft 365 environments. These tools, originally sourced from public repositories, facilitate various attack methods, including Adversary-in-the-Middle (AitM) and brute-force techniques. By mid-2024, 78% of Microsoft 365 tenants experienced at least one ATO attempt, with high-value targets such as executives and financial officers being particularly affected.

The report highlights a significant password spraying campaign, with over 13 million login attempts recorded since June 2024, primarily targeting the education sector. As attackers adapt their strategies, the use of these tools is expected to continue evolving, enhancing their effectiveness.
