Source: BleepingComputer
Author: Bill Toulas
URL: https://www.bleepingcomputer.com/news/security/hackers-use-fasthttp-in-new-high-speed-microsoft-365-password-attacks/

ONE SENTENCE SUMMARY: Threat actors are using the FastHTTP Go library for high-speed Microsoft 365 brute-force password attacks with notable success rates.

MAIN POINTS:
- Threat actors launched attacks on Microsoft 365 accounts on January 6, 2024.
- The FastHTTP library is used for automated unauthorized login attempts.
- Brute-force attacks lead to account takeovers in 10% of cases.
- 65% of malicious traffic originates from Brazil, followed by other countries.
- 41.5% of attacks fail while 21% cause account lockouts.
- A PowerShell script is available for checking FastHTTP user agents in logs.
- Administrators should expire sessions and reset credentials upon detecting threats.
- Multi-factor authentication can hinder brute-force attacks, protecting 10% of accounts.
- The Azure Active Directory Graph API is a primary target of these attacks.
- Full details on indicators of compromise are included in SpearTip’s report.

TAKEAWAYS:
- FastHTTP is exploited for efficient brute-force attacks against Microsoft accounts.
- Monitoring user agents is crucial for identifying potential compromises.
- Implementing MFA can significantly reduce account takeover risks.
- A proactive response plan is essential for administrators to mitigate threats.
- Knowledge of attack patterns helps improve organizational security measures.
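
The user-agent check and the session/credential response described above, as an added example (not the script referenced in the article or SpearTip's report). The CSV column names, the sample rows, and the mapping of Microsoft sign-in error codes to outcomes are assumptions made for this example; it treats a correct password stopped by MFA as still needing a credential reset.

```powershell
# Constructed rows shaped like a sign-in log export; column names and every
# value below are assumptions made for this example.
$csv = @'
createdDateTime,userPrincipalName,ipAddress,country,userAgent,errorCode
2024-01-08T02:11:04Z,alice@example.com,203.0.113.10,BR,fasthttp,50126
2024-01-08T02:11:05Z,alice@example.com,203.0.113.10,BR,fasthttp,50126
2024-01-08T02:11:09Z,bob@example.com,203.0.113.44,BR,fasthttp,50053
2024-01-08T02:12:30Z,carol@example.com,198.51.100.7,TR,fasthttp,50076
2024-01-08T02:13:02Z,dave@example.com,198.51.100.7,TR,fasthttp,0
2024-01-08T08:45:00Z,dave@example.com,192.0.2.25,US,Mozilla/5.0 (Windows NT 10.0; Win64; x64),0
'@

# Map a sign-in error code to the outcome categories used in the summary.
function Get-Outcome([string]$Code) {
    switch ($Code) {
        '0'     { 'success (possible takeover)' }
        '50126' { 'failed (invalid credentials)' }
        '50053' { 'account locked' }
        '50076' { 'MFA required (password was valid)' }
        '53003' { 'blocked by conditional access' }
        default { "other ($Code)" }
    }
}

# Keep only sign-ins whose user agent contains "fasthttp" (-match ignores case).
$hits = $csv | ConvertFrom-Csv |
    Where-Object { $_.userAgent -match 'fasthttp' } |
    ForEach-Object {
        [pscustomobject]@{
            Time             = $_.createdDateTime
            User             = $_.userPrincipalName
            IP               = $_.ipAddress
            Country          = $_.country
            Outcome          = Get-Outcome $_.errorCode
            # Code 0 or 50076 means the password itself was accepted.
            PasswordAccepted = $_.errorCode -in '0', '50076'
        }
    }

# Breakdown of FastHTTP sign-in attempts by outcome.
$hits | Group-Object Outcome | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Accounts whose password the attacker demonstrably knows.
'Expire sessions and reset credentials for:'
$hits | Where-Object PasswordAccepted | Select-Object -ExpandProperty User -Unique
```

On the sample rows this lists carol@example.com and dave@example.com; dave's later browser sign-in is ignored because its user agent does not contain "fasthttp".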