IT researchers have observed a botnet with over 130,000 infected systems carrying out password spraying attacks on Microsoft 365 accounts. The mass testing of username and password combinations enables access to poorly secured accounts.
SecurityScorecard has found direct evidence of these attacks and advises organizations to review their systems and change credentials. Basic Authentication should be largely deactivated, but it is still active in some environments. Microsoft plans to switch it off completely by September 2025 at the latest.
These attacks show how important it is to switch to secure login procedures. Companies should actively monitor login patterns and implement mechanisms against password spraying.
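One way to monitor login patterns for password spraying, as an added example that does not come from the article or from SecurityScorecard. The record layout, the `basic-auth` client label and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EPOCH = datetime(2025, 1, 1)      # arbitrary origin used to align time windows
LEGACY_CLIENTS = {"basic-auth"}   # assumed label for Basic Authentication sign-ins

def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=2.0):
    """Flag windows where many distinct accounts each fail only a few times.

    Failures are grouped per time window and client type, not per source
    address, because a botnet spreads its attempts over many addresses.
    """
    buckets = defaultdict(list)
    for ts, user, ip, client, ok in events:
        if not ok:
            buckets[((ts - EPOCH) // window, client)].append((user, ip))
    findings = []
    for (idx, client), rows in sorted(buckets.items()):
        users = {u for u, _ in rows}
        if len(users) >= min_users and len(rows) / len(users) <= max_per_user:
            findings.append({
                "window_start": EPOCH + idx * window,
                "client": client,
                "users": len(users),
                "sources": len({ip for _, ip in rows}),
                "attempts": len(rows),
                "legacy_auth": client in LEGACY_CLIENTS,
            })
    return findings

def sample_events():
    """Constructed records: (timestamp, user, source_ip, client, success)."""
    t0 = datetime(2025, 2, 24, 9, 0)
    events = []
    # Spray pattern: 8 accounts, one failure each, every attempt from a new address.
    for i in range(8):
        events.append((t0 + timedelta(minutes=i), f"user{i}@example.com",
                       f"198.51.100.{i + 1}", "basic-auth", False))
    # One user mistyping a password six times from one address: not a spray.
    for i in range(6):
        events.append((t0 + timedelta(minutes=i), "alice@example.com",
                       "203.0.113.7", "browser", False))
    events.append((t0, "bob@example.com", "203.0.113.8", "browser", True))
    return events

if __name__ == "__main__":
    for finding in detect_spray(sample_events()):
        print(finding)
```

A per-address failure counter would miss the constructed spray, since each address appears only once; counting distinct failing accounts per window is what surfaces it.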
Source: https://www.heise.de/news/