A recent survey revealed that threat actors are using previously stolen login credentials to launch brute-force attacks on high-profile cloud-based business systems that use multi-factor authentication (MFA).
According to the research by enterprise security firm Proofpoint, hackers are using IMAP-based password spraying attacks to breach Microsoft Office 365 and G Suite accounts that are protected with multi-factor authentication. This technique allows malicious actors to perform credential stuffing attacks to compromise sensitive data.
“This study demonstrates the increasing sophistication of threat actors around the world who are leveraging brute force methods, massive credential dumps, and successful phishing attacks to compromise cloud accounts at unprecedented scale. Service accounts and shared mailboxes are particularly vulnerable while multifactor authentication has proven vulnerable. Attackers parlay successful compromises into internal phishing attacks, lateral movement in organizations, and additional compromises at trusted external organizations,” according to a statement in the report.
In its six-month study of major cloud service tenants, Proofpoint’s Information Protection Research Team stated that it found around one lakh (100,000) unauthorized logins across millions of monitored cloud user accounts. The study revealed that around 60% of all Microsoft Office 365 and G Suite tenants have been targeted using IMAP-based password-spraying attacks and approximately 25% of G Suite and Office 365 tenants experienced a breach.
Stating that the attackers’ primary goal is to launch internal phishing, the survey also found that most of the attackers’ logins originated from Nigerian IP addresses, which accounted for 40% of all successful malicious efforts, followed by logins from Chinese IP addresses, which accounted for 26%. Other major sources of successful attacks were the United States, Brazil, and South Africa.
The report concluded that organizations need to implement intelligent security measures to combat the evolving threats that put user cloud accounts at risk.
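One way a defender can spot the IMAP-based password spraying described above in sign-in logs: flag any source that fails IMAP logins against many accounts with only a few tries each, and list the accounts it then logged in to. This is an added example, not code from Proofpoint or the report; the five-field log format, the thresholds and the sample records are constructed assumptions.

```python
from collections import defaultdict

# Constructed sign-in records (not from the report): time, source IP,
# account, protocol, outcome. IPs are documentation ranges (RFC 5737).
SAMPLE_LOG = """\
2019-03-01T08:00:01Z 203.0.113.7 alice@example.com IMAP FAIL
2019-03-01T08:00:09Z 203.0.113.7 bob@example.com IMAP FAIL
2019-03-01T08:00:17Z 203.0.113.7 carol@example.com IMAP FAIL
2019-03-01T08:00:25Z 203.0.113.7 dave@example.com IMAP FAIL
2019-03-01T08:00:33Z 203.0.113.7 erin@example.com IMAP FAIL
2019-03-01T08:00:41Z 203.0.113.7 svc-backup@example.com IMAP FAIL
2019-03-01T09:10:02Z 203.0.113.7 svc-backup@example.com IMAP OK
2019-03-01T09:15:00Z 192.0.2.10 alice@example.com IMAP OK
2019-03-01T09:16:00Z 192.0.2.10 bob@example.com HTTPS FAIL
2019-03-01T09:20:00Z 198.51.100.20 frank@example.com IMAP FAIL
2019-03-01T09:20:01Z 198.51.100.20 frank@example.com IMAP FAIL
2019-03-01T09:20:02Z 198.51.100.20 frank@example.com IMAP FAIL
2019-03-01T09:20:03Z 198.51.100.20 frank@example.com IMAP FAIL
"""


def detect_imap_spray(log, min_users=5, max_tries_per_user=3):
    """Return {source_ip: {"targeted": [...], "compromised": [...]}} for
    sources that fail IMAP logins against many accounts, few tries each."""
    tries = defaultdict(lambda: defaultdict(int))   # ip -> user -> attempts
    failed = defaultdict(set)                       # ip -> users with a failure
    succeeded = defaultdict(set)                    # ip -> users logged in
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] != "IMAP":
            continue                                # malformed or other protocol
        _, ip, user, _, result = parts
        tries[ip][user] += 1
        (succeeded if result == "OK" else failed)[ip].add(user)

    findings = {}
    for ip, per_user in tries.items():
        wide = len(failed[ip]) >= min_users                     # many accounts
        shallow = max(per_user.values()) <= max_tries_per_user  # few tries each
        if wide and shallow:
            findings[ip] = {
                "targeted": sorted(per_user),
                "compromised": sorted(succeeded[ip]),  # accounts needing response
            }
    return findings


if __name__ == "__main__":
    for ip, f in detect_imap_spray(SAMPLE_LOG).items():
        print(ip, "targeted", len(f["targeted"]), "compromised", f["compromised"])
```

In the constructed data only 203.0.113.7 matches the spray profile; the single-account brute force from 198.51.100.20 and the normal IMAP login from 192.0.2.10 are not flagged.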