Botnet of 130,000 Devices Targets Microsoft 365 in Password-Spraying Attack

A botnet of more than 130,000 compromised devices is being used in a recent cyber attack against Microsoft 365 users. The attackers are conducting coordinated password-spraying attacks against Microsoft 365 accounts, posing a significant threat to organizations across various sectors.

Instead of the traditional interactive logins that may trigger alerts, the attackers are using non-interactive sign-ins to avoid detection. This method bypasses Multi-Factor Authentication (MFA) checks and can go unnoticed by standard security monitoring systems. Using stolen credentials from infostealer logs, the attackers are targeting a wide range of Microsoft 365 tenants, including financial services, healthcare, government, technology firms, and educational institutions.

The attackers exploit non-interactive sign-ins, abuse Basic Authentication protocols, and coordinate their efforts through command-and-control (C2) servers. These tactics allow them to access sensitive data, disrupt services, conduct phishing campaigns, and move laterally within organizations, increasing security risks.

Security experts recommend that organizations review sign-in logs, audit background service accounts, update the credentials of accounts found in non-interactive sign-in logs, transition to modern authentication practices, and monitor for unusual traffic patterns. Microsoft plans to retire certain Basic Authentication protocols, emphasizing the need for organizations to strengthen their protection against such cyber attacks.
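As an added illustration of the log review recommended above (not code from the article or its sources), the following sketch flags time windows in which many distinct accounts fail non-interactive sign-ins regardless of source IP, then lists sprayed accounts that later succeeded. The field names are modelled on the Microsoft Graph `signIn` resource; the records, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
WINDOW_MIN = 10  # bucket size in minutes (assumed tuning value)
MIN_USERS = 4    # distinct failing accounts per bucket to flag (assumed)

def _rec(ts, upn, ip, app, interactive, code):
    return {"createdDateTime": ts, "userPrincipalName": upn, "ipAddress": ip,
            "clientAppUsed": app, "isInteractive": interactive,
            "status": {"errorCode": code}}

# Constructed sample. errorCode 50126 = invalid username or password, 0 = success.
SAMPLE = [
    _rec("2025-02-20T10:00:05Z", "alice@example.com", "203.0.113.10", "Other clients", False, 50126),
    _rec("2025-02-20T10:01:12Z", "bob@example.com", "198.51.100.7", "Other clients", False, 50126),
    _rec("2025-02-20T10:02:40Z", "carol@example.com", "192.0.2.55", "IMAP4", False, 50126),
    _rec("2025-02-20T10:03:03Z", "svc-backup@example.com", "203.0.113.99", "Other clients", False, 50126),
    _rec("2025-02-20T10:04:30Z", "svc-backup@example.com", "198.51.100.23", "Other clients", False, 0),
    _rec("2025-02-20T10:05:00Z", "dave@example.com", "192.0.2.8", "Browser", True, 50126),
    _rec("2025-02-20T14:00:00Z", "erin@example.com", "192.0.2.77", "Other clients", False, 50126),
]

def _bucket(r):
    t = datetime.strptime(r["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
    return t.replace(minute=t.minute - t.minute % WINDOW_MIN, second=0)

def spray_windows(records):
    """Buckets where many distinct accounts fail non-interactively, from any IP."""
    users, ips = defaultdict(set), defaultdict(set)
    for r in records:
        if not r["isInteractive"] and r["status"]["errorCode"] != 0:
            users[_bucket(r)].add(r["userPrincipalName"])
            ips[_bucket(r)].add(r["ipAddress"])
    return {b: (sorted(u), len(ips[b])) for b, u in users.items() if len(u) >= MIN_USERS}

def accounts_to_rotate(records):
    """Sprayed accounts with a later non-interactive success: rotate these first."""
    sprayed = {u for us, _ in spray_windows(records).values() for u in us}
    failed, hits = set(), set()
    for r in sorted(records, key=lambda r: r["createdDateTime"]):
        u = r["userPrincipalName"]
        if r["isInteractive"] or u not in sprayed:
            continue
        if r["status"]["errorCode"] != 0:
            failed.add(u)
        elif u in failed:
            hits.add(u)
    return sorted(hits)

if __name__ == "__main__":
    print(spray_windows(SAMPLE), accounts_to_rotate(SAMPLE))
```

Counting distinct accounts per window rather than failures per IP matters here because a botnet spreads its attempts across many source addresses, so per-IP thresholds rarely fire.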

Jason Soroko, Senior Fellow at Sectigo, highlights the importance of securing non-interactive logins in Microsoft 365. He advises organizations to use alternative secure mechanisms for automated logins, enforce stricter authentication through conditional access policies, and monitor access for potential security threats.

In conclusion, the botnet-powered cyber attack targeting Microsoft 365 users underscores the importance of proactive cybersecurity measures to mitigate risks and safeguard sensitive information. By implementing the recommended security practices, organizations can enhance their defense mechanisms and protect against evolving cyber threats in today’s digital landscape.
