Microsoft warns Exchange users over password spray attacks

Crooks are trying out endless username/password combos

Password spray attacks against Microsoft Exchange users are on the rise, the company has warned, urging organizations to set up Authentication Policies as a mitigation measure.

In a Tech Community blog post discussing the issue, “the Exchange Team” said many of its customers that still use basic authentication are being targeted.

“The evidence I see every day clearly indicates that password spray attacks are becoming more frequent,” the blog said. As a result, the team decided to turn off basic auth in Exchange Online.

Numbers game

A password spray attack is essentially a brute force assault in which threat actors use automation to try username/password combinations against the login screen until they find one that works. Unlike basic brute force attacks, though, password spray attacks constantly rotate the usernames they try, and the source IPs as well. Because no single account sees many failed attempts from one address, the account lockout rules that security tools rely on are not tripped.

“It’s a numbers game essentially, and computers are quite good at numbers. And as attacks go, it works,” the blog added.

The protocols most commonly under attack are SMTP and IMAP, the researchers said, adding that POP, while being third on the list, is a far cry from the top two.

To make sure only known accounts can use basic auth with specific protocols, the Exchange Team suggests organizations set up Authentication Policies. “Start with SMTP and IMAP and do it today!” they say.
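One way to put that advice into practice in Exchange Online PowerShell, as an added example that is not taken from the Exchange Team's post: a tenant-wide default policy that blocks basic auth everywhere, plus a narrow exception policy assigned only to named accounts that still need one protocol. The account name and policy names are placeholders; the session is assumed to already be connected with Connect-ExchangeOnline.

```powershell
# Assumes an existing session: Connect-ExchangeOnline (ExchangeOnlineManagement module).

# 1. Tenant-wide default. A new authentication policy blocks Basic auth for every
#    protocol unless an -AllowBasicAuth* switch is turned on, so this one blocks all of it.
New-AuthenticationPolicy -Name "Block Basic Auth"
Set-OrganizationConfig -DefaultAuthenticationPolicy "Block Basic Auth"

# 2. Exception policy for the few accounts that genuinely need Basic auth, limited to the
#    protocol they need. Here only SMTP is allowed; IMAP and POP stay blocked.
New-AuthenticationPolicy -Name "Allow Basic SMTP Only" -AllowBasicAuthSmtp

# 3. Assign the exception explicitly to known accounts (placeholder mailbox name).
$exceptionAccount = "scanner@contoso.example"
Set-User -Identity $exceptionAccount -AuthenticationPolicy "Allow Basic SMTP Only"

# Policy changes can take time to propagate; forcing re-authentication for the account
# makes the new policy apply to its next sign-in rather than to a cached token.
Set-User -Identity $exceptionAccount -STSRefreshTokensValidFrom $([System.DateTime]::UtcNow)

# 4. Verify: list every account with an explicit policy so the exception list stays
#    short and reviewable, and confirm the tenant default.
Get-User -ResultSize Unlimited |
    Where-Object { $_.AuthenticationPolicy } |
    Select-Object UserPrincipalName, AuthenticationPolicy
Get-OrganizationConfig | Select-Object DefaultAuthenticationPolicy
```

Accounts without an explicit assignment inherit the tenant default, so the verification step should show only the intended exceptions.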

Brute force attacks are quite popular among threat actors, mostly because people are known to use the same username/password combination across a wide range of online services.

By compromising one service and stealing its login data, threat actors can often compromise accounts on multiple platforms, obtaining a real treasure trove of data that enables them to engage in identity theft and, in some cases, even financial theft.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
