Summary: A botnet of over 130,000 compromised devices is launching extensive password-spray attacks on Microsoft 365 accounts, exploiting a non-interactive authentication feature often overlooked by security teams. This method allows threat actors to execute high-volume attacks with minimal detection, risking account takeovers and other security breaches. Organizations using Microsoft 365 are urged to verify their vulnerability and improve their authentication security measures.
Affected: Microsoft 365 accounts
Key points:
- A botnet has successfully targeted Microsoft 365 accounts through non-interactive sign-ins.
- This attack method allows for extensive password spraying without triggering alerts due to the nature of non-interactive authentication.
- Organizations should review their security controls, including monitoring non-interactive sign-in logs, implementing privileged access management, and rotating credentials regularly.
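The key points above note that non-interactive sign-ins are rarely alerted on, so a defender's first step is to look at those logs for the spray pattern: one source address, many distinct target accounts, roughly one failed attempt per account, and (in the account-takeover case) a later success from the same source. The following is an added example written for this summary, not code from the article or from Microsoft. It builds a small set of constructed sign-in records (field names loosely modelled on Entra ID sign-in log fields such as `userPrincipalName`, `ipAddress`, `resultType` and `signInType`, which are assumptions about the log shape; result type `50126` is the standard "invalid username or password" code, and the 203.0.113.0/24 and 198.51.100.0/24 addresses are documentation ranges) and runs a sliding-window spray detector over them.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Entra ID result type for "invalid username or password"; a spray produces
# many of these across many accounts from one source.
SPRAY_ERROR_CODES = {"50126"}
SUCCESS = "0"


def _ts(record):
    return datetime.fromisoformat(record["createdDateTime"])


def make_sample_logs():
    """Constructed sample records (not real log data) covering three sources."""
    base = datetime(2025, 2, 24, 3, 0, 0)
    logs = []
    # Source 1: spray of 12 accounts, one attempt each, one minute apart,
    # followed by a success against the last account (takeover indicator).
    for i in range(1, 13):
        logs.append({
            "createdDateTime": (base + timedelta(minutes=i)).isoformat(),
            "userPrincipalName": f"user{i:02d}@example.com",
            "ipAddress": "203.0.113.10",
            "signInType": "nonInteractive",
            "resultType": "50126",
        })
    logs.append({
        "createdDateTime": (base + timedelta(minutes=15)).isoformat(),
        "userPrincipalName": "user12@example.com",
        "ipAddress": "203.0.113.10",
        "signInType": "nonInteractive",
        "resultType": SUCCESS,
    })
    # Source 2: a legitimate user signing in repeatedly with no failures.
    for i in range(5):
        logs.append({
            "createdDateTime": (base + timedelta(minutes=10 * i)).isoformat(),
            "userPrincipalName": "alice@example.com",
            "ipAddress": "198.51.100.7",
            "signInType": "nonInteractive",
            "resultType": SUCCESS,
        })
    # Source 3: two mistyped passwords for two accounts; below the spray threshold.
    for name in ("bob", "carol"):
        logs.append({
            "createdDateTime": (base + timedelta(minutes=20)).isoformat(),
            "userPrincipalName": f"{name}@example.com",
            "ipAddress": "203.0.113.11",
            "signInType": "nonInteractive",
            "resultType": "50126",
        })
    return logs


def detect_password_spray(records, window=timedelta(hours=1), min_users=10):
    """Return {ip: finding} for sources that failed against >= min_users distinct
    accounts inside any `window`, only considering non-interactive sign-ins."""
    by_ip = defaultdict(list)
    for r in records:
        if r.get("signInType") == "nonInteractive":
            by_ip[r["ipAddress"]].append(r)

    findings = {}
    for ip, recs in by_ip.items():
        recs.sort(key=_ts)
        failures = [r for r in recs if r["resultType"] in SPRAY_ERROR_CODES]
        best = None
        # Slide a window starting at each failure; keep the densest one.
        for i, start in enumerate(failures):
            t0 = _ts(start)
            in_window = [f for f in failures[i:] if _ts(f) - t0 <= window]
            users = {f["userPrincipalName"] for f in in_window}
            if len(users) >= min_users and (best is None or len(users) > best["distinct_users"]):
                best = {
                    "window_start": t0.isoformat(),
                    "distinct_users": len(users),
                    "failed_attempts": len(in_window),
                    # Close to 1.0 means one guess per account: the spray signature.
                    "attempts_per_user": round(len(in_window) / len(users), 2),
                }
        if best is None:
            continue
        # Any success from the same source after the spray began is a likely takeover.
        t_start = datetime.fromisoformat(best["window_start"])
        best["post_spray_successes"] = sorted({
            r["userPrincipalName"] for r in recs
            if r["resultType"] == SUCCESS and _ts(r) >= t_start
        })
        findings[ip] = best
    return findings


if __name__ == "__main__":
    for ip, finding in detect_password_spray(make_sample_logs()).items():
        print(ip, finding)
```

The thresholds (`min_users`, `window`) are tuning knobs: a spray spread over days from a botnet of 130,000 addresses will not trip a single-IP rule, so in practice the same logic is also worth running keyed on ASN, user-agent, or target-tenant rather than on individual addresses, and the `post_spray_successes` list is the field to route to incident response.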
Source: https://www.darkreading.com/cyberattacks-data-breaches/microsoft-365-accounts-sprayed-mega-botnet