Summary: Proofpoint research indicates a rising trend where cybercriminals exploit legitimate HTTP client tools to execute account takeover (ATO) attacks, particularly targeting Microsoft 365 environments. The analysis highlights a shift in the types of tools used and reveals that targeted campaigns, employing techniques like Adversary-in-the-Middle, have achieved notable success rates despite low general success in brute force attempts. Key industries affected include finance, construction, and IT, with significant implications for sensitive data security.
Affected: Microsoft 365 environments
Keypoints:
- Cybercriminals are increasingly using tools like XMLHttpRequest, Node.js HTTP requests, and more diverse HTTP clients for ATO attacks.
- Recent campaigns have shown a significant monthly average success rate of up to 38% in compromising user accounts with targeted methods.
- Between June and November 2024, 43% of targeted user accounts were compromised, with implications for finance, construction, and technology sectors.
- Proofpoint recommends leveraging user-agent data with threat intelligence to enhance detection and protect against these threats.
Source: https://securityonline.info/http-client-tools-weaponized-in-account-takeover-attacks/
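
One way to apply the user-agent recommendation above to sign-in logs, as an added example (not code from Proofpoint or the article): it separates successful sign-ins made with HTTP client libraries from sources that fail against many users. The watch-list, the event tuple layout, the `triage` function and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed watch-list of HTTP client library User-Agent prefixes. In practice
# this list comes from your threat-intelligence feed, not from this page.
CLIENT_UA = re.compile(r"^(axios|node-fetch|python-requests|go-http-client|okhttp)/", re.I)

NODE_FETCH = "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)"
BROWSER = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"

# Constructed sign-in events: (user, source IP, user agent, sign-in succeeded).
SAMPLE_EVENTS = [
    ("alice@example.com", "203.0.113.7", NODE_FETCH, False),
    ("bob@example.com", "203.0.113.7", NODE_FETCH, False),
    ("carol@example.com", "203.0.113.7", NODE_FETCH, False),
    ("dave@example.com", "198.51.100.23", "axios/1.7.2", True),
    ("dave@example.com", "192.0.2.10", BROWSER, True),
    ("svc-backup@example.com", "192.0.2.50", "python-requests/2.31.0", True),
    ("erin@example.com", "192.0.2.44", None, False),  # user agent missing
]

def triage(events, allowlisted_users=frozenset(), spray_users=3):
    """Return (takeover_candidates, spray_sources) for HTTP-client sign-ins.

    The User-Agent header is set by the client, so a match is a triage
    signal to correlate with other evidence, not a verdict.
    """
    failed = defaultdict(set)  # source IP -> users it failed to sign in as
    takeovers = []
    for user, ip, ua, ok in events:
        match = CLIENT_UA.match(ua or "")
        if not match or user in allowlisted_users:
            continue  # browsers, empty agents and sanctioned automation
        if ok:
            takeovers.append((user, ip, match.group(1).lower()))
        else:
            failed[ip].add(user)
    sprays = {ip: sorted(users) for ip, users in failed.items()
              if len(users) >= spray_users}
    return takeovers, sprays

if __name__ == "__main__":
    hits, sprays = triage(SAMPLE_EVENTS, allowlisted_users={"svc-backup@example.com"})
    print("successful sign-ins from HTTP clients:", hits)
    print("sources failing against many users:", sprays)
```

A successful sign-in from a library user agent on an account that normally signs in from a browser is the higher-priority result; the multi-user failure list corresponds to the brute-force activity the summary describes as rarely succeeding.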