Hackers use FastHTTP in new high-speed Microsoft 365 password attacks

Source: BleepingComputer
Author: Bill Toulas
URL: https://www.bleepingcomputer.com/news/security/hackers-use-fasthttp-in-new-high-speed-microsoft-365-password-attacks/

# ONE SENTENCE SUMMARY:
Threat actors are using the FastHTTP Go library for high-speed Microsoft 365 brute-force password attacks with notable success rates.

# MAIN POINTS:
1. Threat actors launched attacks on Microsoft 365 accounts on January 6, 2024.
2. The FastHTTP library is used for automated unauthorized login attempts.
3. Brute-force attacks lead to account takeovers in 10% of cases.
4. 65% of malicious traffic originates from Brazil, followed by other countries.
5. 41.5% of attacks fail while 21% cause account lockouts.
6. A PowerShell script is available for checking FastHTTP user agents in logs.
7. Administrators should expire sessions and reset credentials upon detecting threats.
8. Multi-factor authentication can hinder brute-force attacks, protecting 10% of accounts.
9. The Azure Active Directory Graph API is a primary target of these attacks.
10. Full details on indicators of compromise are included in SpearTip’s report.

# TAKEAWAYS:
1. Attackers use the FastHTTP library to run efficient brute-force attacks against Microsoft accounts.
2. Monitoring sign-in logs for FastHTTP user agents is crucial for identifying potential compromises.
3. Implementing MFA can significantly reduce account takeover risks.
4. A proactive response plan is essential for administrators to mitigate threats.
5. Knowledge of attack patterns helps improve organizational security measures.
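
The log check and response steps from main points 6 and 7, sketched as an added example (not SpearTip's PowerShell script and not code from the article). It assumes sign-in records exported as JSON with the Microsoft Graph `signIn` field names (`userAgent`, `userPrincipalName`, `status.errorCode`) and the Entra ID error codes noted in the comments; the sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed sample records, not real telemetry. Field names are an
# assumption: they follow the Microsoft Graph signIn schema.
SAMPLE_LOG = """[
 {"userPrincipalName": "alice@example.com", "userAgent": "fasthttp", "ipAddress": "203.0.113.10", "status": {"errorCode": 50126}},
 {"userPrincipalName": "alice@example.com", "userAgent": "fasthttp", "ipAddress": "203.0.113.11", "status": {"errorCode": 50126}},
 {"userPrincipalName": "alice@example.com", "userAgent": "fasthttp", "ipAddress": "203.0.113.12", "status": {"errorCode": 50053}},
 {"userPrincipalName": "bob@example.com", "userAgent": "fasthttp", "ipAddress": "198.51.100.7", "status": {"errorCode": 0}},
 {"userPrincipalName": "carol@example.com", "userAgent": "Mozilla/5.0", "ipAddress": "192.0.2.44", "status": {"errorCode": 0}},
 {"userPrincipalName": "dave@example.com", "userAgent": "fasthttp", "ipAddress": "198.51.100.9", "status": {"errorCode": 50076}}
]"""

# Entra ID sign-in error codes mapped to the outcomes the summary lists:
# 0 = success, 50126 = bad credentials, 50053 = account locked,
# 50076 = MFA required.
OUTCOMES = {0: "success", 50126: "failed", 50053: "locked_out", 50076: "mfa_blocked"}


def load_sample():
    """Parse the constructed sample log."""
    return json.loads(SAMPLE_LOG)


def triage(records, needle="fasthttp"):
    """Count outcomes per user for sign-ins whose user agent contains `needle`."""
    hits = defaultdict(lambda: defaultdict(int))
    for rec in records:
        agent = (rec.get("userAgent") or "").lower()
        if needle not in agent:
            continue  # ordinary browser or client traffic
        code = (rec.get("status") or {}).get("errorCode")
        user = rec.get("userPrincipalName") or "unknown"
        hits[user][OUTCOMES.get(code, "other")] += 1
    return {user: dict(counts) for user, counts in hits.items()}


def needs_reset(report):
    """Users whose sessions should be expired and credentials reset.

    An MFA challenge is issued only after the password was accepted, so
    an MFA-blocked sign-in still means the password is known.
    """
    return sorted(u for u, c in report.items()
                  if c.get("success") or c.get("mfa_blocked"))


if __name__ == "__main__":
    report = triage(load_sample())
    print(json.dumps(report, indent=1))
    print("reset:", needs_reset(report))
```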