Hackers use FastHTTP in new high-speed Microsoft 365 password attacks

Source: BleepingComputer
Author: Bill Toulas
URL: https://www.bleepingcomputer.com/news/security/hackers-use-fasthttp-in-new-high-speed-microsoft-365-password-attacks/

ONE SENTENCE SUMMARY:

Threat actors are using the FastHTTP Go library for high-speed Microsoft 365 brute-force password attacks with notable success rates.

MAIN POINTS:

  1. Threat actors launched attacks on Microsoft 365 accounts on January 6, 2024.
  2. The FastHTTP library is used for automated unauthorized login attempts.
  3. Brute-force attacks lead to account takeovers in 10% of cases.
  4. 65% of malicious traffic originates from Brazil, followed by other countries.
  5. 41.5% of attacks fail while 21% cause account lockouts.
  6. A PowerShell script is available for checking FastHTTP user agents in logs.
  7. Administrators should expire sessions and reset credentials upon detecting threats.
  8. Multi-factor authentication can hinder brute-force attacks, protecting 10% of accounts.
  9. The Azure Active Directory Graph API is a primary target of these attacks.
  10. Full details on indicators of compromise are included in SpearTip’s report.

TAKEAWAYS:

  1. FastHTTP is exploited for efficient brute-force attacks against Microsoft accounts.
  2. Monitoring user agents is crucial for identifying potential compromises.
  3. Implementing MFA can significantly reduce account takeover risks.
  4. A proactive response plan is essential for administrators to mitigate threats.
  5. Knowledge of attack patterns helps improve organizational security measures.
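
The user-agent check in main point 6 and the response step in main point 7, as an added Python example (not the PowerShell script the article refers to, and not SpearTip's code). The record layout, the sample log lines, and the use of error code 0 for success and 50053 for lockout are assumptions of this example.

```python
import json
from collections import defaultdict

# Constructed sample sign-in records (not real data). Field names are assumed
# for this example; map them to the columns of your own sign-in log export.
SAMPLE_LOG = """\
{"time": "2024-01-06T10:00:01Z", "user": "alice@example.com", "ip": "203.0.113.10", "userAgent": "fasthttp", "errorCode": 50126}
{"time": "2024-01-06T10:00:02Z", "user": "alice@example.com", "ip": "203.0.113.11", "userAgent": "FastHTTP", "errorCode": 50126}
{"time": "2024-01-06T10:00:03Z", "user": "alice@example.com", "ip": "203.0.113.10", "userAgent": "fasthttp", "errorCode": 0}
{"time": "2024-01-06T10:00:04Z", "user": "bob@example.com", "ip": "198.51.100.7", "userAgent": "fasthttp", "errorCode": 50126}
{"time": "2024-01-06T10:00:05Z", "user": "bob@example.com", "ip": "198.51.100.7", "userAgent": "fasthttp", "errorCode": 50053}
{"time": "2024-01-06T10:00:06Z", "user": "carol@example.com", "ip": "192.0.2.44", "userAgent": "Mozilla/5.0", "errorCode": 0}
not-json garbage line
"""

LOCKOUT_CODE = 50053  # assumed: sign-in error code reported for a locked account

def is_fasthttp(user_agent):
    """Case-insensitive match on the fasthttp client name; tolerates a missing value."""
    return "fasthttp" in (user_agent or "").lower()

def triage(lines):
    """Group fasthttp sign-in attempts per user and count each outcome."""
    report = defaultdict(lambda: {"failed": 0, "locked": 0, "success": 0, "ips": set()})
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed rows instead of aborting the hunt
        if not isinstance(rec, dict) or not is_fasthttp(rec.get("userAgent")):
            continue
        entry = report[rec.get("user", "<unknown>")]
        entry["ips"].add(rec.get("ip"))
        code = rec.get("errorCode")
        if code == 0:
            entry["success"] += 1
        elif code == LOCKOUT_CODE:
            entry["locked"] += 1
        else:
            entry["failed"] += 1
    return dict(report)

def needs_reset(report):
    """Users with a successful fasthttp sign-in: expire sessions and reset credentials."""
    return sorted(user for user, entry in report.items() if entry["success"])

if __name__ == "__main__":
    rep = triage(SAMPLE_LOG.splitlines())
    print("expire sessions and reset credentials for:", needs_reset(rep))
```

Accounts that show only failures or lockouts were targeted but not taken over; the ones returned by `needs_reset` are the candidates for the session expiry and credential reset in main point 7.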