February 24, 2025 By Bill Toulas
A massive botnet of over 130,000 compromised devices is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide, targeting basic authentication to evade multi-factor authentication.
According to a report by SecurityScorecard, the attackers are leveraging credentials stolen by infostealer malware to target the accounts at a large scale.
The attacks rely on non-interactive sign-ins using Basic Authentication (Basic Auth). Basic Auth submits the username and password in a single request and has no way to present an MFA challenge, so wherever a legacy protocol that still accepts it is enabled, a valid stolen password alone is enough to log in. Because these attempts are recorded as non-interactive sign-ins rather than interactive ones, they bypass Multi-Factor Authentication (MFA) protections and grant unauthorized access without triggering security alerts tuned to interactive logins.
"Organizations relying solely on interactive sign-in monitoring are blind to these attacks. Non-interactive sign-ins, commonly used for service-to-service authentication, legacy protocols (e.g., POP, IMAP, SMTP), and automated processes, do not trigger MFA in many configurations," warns SecurityScorecard.
"Basic Authentication, still enabled in some environments, allows credentials to be transmitted in plain form, making it a prime target for attackers."
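The blind spot SecurityScorecard describes is visible in the non-interactive sign-in log if anyone looks at it. The following is an added example, not code from the article or from SecurityScorecard: it runs over a handful of constructed sign-in records (not real telemetry) shaped like Entra ID sign-in log entries, an assumed schema with fields such as `clientAppUsed`, `isInteractive`, `authenticationRequirement` and `status.errorCode`, and pulls out two things a defender wants: source IPs that tried legacy-protocol, non-interactive sign-ins against many distinct accounts (the spray pattern), and the single-factor legacy sign-ins that actually succeeded, since those are the compromised accounts regardless of any MFA policy on interactive logins.

```python
from collections import defaultdict

# clientAppUsed values that ride on legacy protocols where Basic Auth is possible
# and no MFA challenge can be presented.
LEGACY_CLIENT_APPS = {
    "IMAP4", "POP3", "Authenticated SMTP", "Exchange ActiveSync",
    "Exchange Web Services", "MAPI Over HTTP", "Offline Address Book", "Other clients",
}

INVALID_CREDENTIALS = 50126  # Entra ID error code: invalid username or password
SUCCESS = 0


def _rec(upn, ip, app, interactive, auth_req, code):
    """Build one constructed sign-in record in the assumed Entra ID log shape."""
    return {"userPrincipalName": upn, "ipAddress": ip, "clientAppUsed": app,
            "isInteractive": interactive, "authenticationRequirement": auth_req,
            "status": {"errorCode": code}}


SF, MF = "singleFactorAuthentication", "multiFactorAuthentication"

# Constructed sample records, NOT real telemetry (RFC 5737 documentation IPs).
SAMPLE_SIGNINS = [
    # One source walking through several accounts over IMAP: the spray pattern.
    _rec("alice@contoso.example", "203.0.113.10", "IMAP4", False, SF, INVALID_CREDENTIALS),
    _rec("bob@contoso.example", "203.0.113.10", "IMAP4", False, SF, INVALID_CREDENTIALS),
    _rec("carol@contoso.example", "203.0.113.10", "IMAP4", False, SF, INVALID_CREDENTIALS),
    # A stolen password that still works: success, no MFA, over a legacy protocol.
    _rec("dave@contoso.example", "203.0.113.10", "IMAP4", False, SF, SUCCESS),
    # A second spray source using authenticated SMTP.
    _rec("erin@contoso.example", "198.51.100.7", "Authenticated SMTP", False, SF, INVALID_CREDENTIALS),
    _rec("frank@contoso.example", "198.51.100.7", "Authenticated SMTP", False, SF, INVALID_CREDENTIALS),
    _rec("grace@contoso.example", "198.51.100.7", "Authenticated SMTP", False, SF, INVALID_CREDENTIALS),
    # Benign noise: a user mistyping a password in the browser (interactive, MFA).
    _rec("heidi@contoso.example", "192.0.2.44", "Browser", True, MF, INVALID_CREDENTIALS),
    # Benign: a service account using modern auth non-interactively.
    _rec("svc-backup@contoso.example", "192.0.2.50", "Mobile Apps and Desktop clients", False, SF, SUCCESS),
]


def is_legacy_noninteractive(rec):
    """True for non-interactive sign-ins over a legacy (Basic Auth capable) client app."""
    return (not rec.get("isInteractive", True)
            and rec.get("clientAppUsed") in LEGACY_CLIENT_APPS)


def find_spray_sources(records, min_accounts=3):
    """Map source IP -> number of distinct accounts it tried over legacy,
    non-interactive sign-ins, keeping only IPs at or above min_accounts.
    Successes count too: a spray that lands one valid credential still shows
    as many distinct targets from a single source."""
    targets = defaultdict(set)
    for rec in records:
        if is_legacy_noninteractive(rec):
            targets[rec["ipAddress"]].add(rec["userPrincipalName"].lower())
    return {ip: len(users) for ip, users in targets.items() if len(users) >= min_accounts}


def successful_single_factor_legacy(records):
    """(user, ip, client app) for sign-ins that succeeded over a legacy protocol
    with only a password: the accounts to treat as compromised."""
    return [(r["userPrincipalName"], r["ipAddress"], r["clientAppUsed"])
            for r in records
            if is_legacy_noninteractive(r)
            and r["status"]["errorCode"] == SUCCESS
            and r.get("authenticationRequirement") == SF]


if __name__ == "__main__":
    for ip, n in find_spray_sources(SAMPLE_SIGNINS).items():
        print(f"spray source {ip}: {n} distinct accounts over legacy protocols")
    for upn, ip, app in successful_single_factor_legacy(SAMPLE_SIGNINS):
        print(f"COMPROMISED: {upn} from {ip} via {app} (no MFA)")
```

The interactive browser failure and the modern-auth service account never enter the counts, which is the point: filtering on the non-interactive log and on legacy client apps is what separates this activity from everyday noise, and a rule that only watches interactive sign-ins sees none of it.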