![]() “enabled logins using legacy single-factor authentication on devices which did not support multi-factor authentication." In April 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) warned that SVR, an agency of Russia’s Foreign Intelligence Services, has been targeting M365 accounts with legacy authentication enabled using “low and slow” password spray attacks since at least 2018. The tools used in credential stuffing and password spray attacks are in the armoury of every category of attacker, and it isn't limited to those motivated by profit. ![]() The “point and shoot” tools to re-purpose them in credential stuffing attacks are cheap and easy to source.Ĭredential stuffing is a reliable form of attack because the best of us - even when we know we shouldn’t - reuse passwords across different services. Billions of stolen usernames and passwords from previous breaches are freely available on online forums (and routinely refreshed for a fee). There’s no OAuth2 compatibility, which means no opportunity to apply multi-factor authentication or the rich variety of access policies designed to protect users from common credential-based attacks.Īccounts using legacy authentication are easy pickings for attackers. In these requests, the client forwards the username and password with the request to the cloud service provider during sign-in. Many organizations (at least one in ten Microsoft customers, as of October 2021) still allow access to the M365 cloud using what Microsoft calls “Legacy Authentication”. ![]() If you do, you’re 53x more likely to be targeted in credential-based attacks. Does your organization still allow users to authenticate to Office 365 or other Microsoft services using only a username and password?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |