Multi-Factor Auth Bypassed in Office 365 and G Suite IMAP Attacks

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Massive IMAP-based password-spraying attacks successfully breached Microsoft Office 365 and G Suite accounts protected with multi-factor authentication (MFA) according to an analysis by Proofpoint.

This technique takes advantage of the fact that the legacy authentication IMAP protocol bypasses MFA, allowing malicious actors to perform credential stuffing attacks against assets that would have been otherwise protected.

As noted by Proofpoint's Information Protection Research Team in a recent report, during a "recent six-month study of major cloud service tenants, Proofpoint researchers observed massive attacks leveraging legacy protocols and credential dumps to increase the speed and effectiveness of brute force account compromises at scale."
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
This is a targeted attack on organizations. The hackers have to work pretty hard to brute-force their way in, but they have a lot of success in the end. Although it does sound pretty dismal, I don't think it threatens home users.
 

JM Safe

Level 39
Verified
Top Poster
Apr 12, 2015
2,882
Well, multi-factor authentication is one of the safest ways nowadays to perform login operations (a lot of websites and applications use it), so if hackers and malcoders could manage to break it, it would be very urgent to improve it as soon as possible, lately cyber attacks are aiming to steal credentials and accounts, see for example Collection #1 attack. Also, it's great in my opinion to check sometimes our accounts emails on Have I Been Pwned: Check if your email has been compromised in a data breach
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top