Microsoft: Watch out for password spray attacks – especially you, Basic Auth
Microsoft is warning Exchange Online users about a rise in password spray attacks, urging those that have yet to disable Basic Authentication to at least set up authentication policies to protect their users and data.
For three years, Microsoft has been weaning popular software offerings like Outlook Desktop and Outlook Mobile App off Basic Auth in favor of more secure user authentication methods.
Millions of users have moved away from Basic Auth to Modern Auth over those three years and Microsoft has disabled it in millions of tenants, according to the company.
Customers that have not yet moved off Basic Auth will have to face identity attacks that use it.
To combat this, Microsoft recommends that organizations still using Basic Auth set up Exchange Online Authentication Policies, which ensure that only the accounts the organization knows should be using Basic Auth, with specific protocols, can do so.
Microsoft initially expected to disable all use of Basic Auth before the end of the year, but knew that despite the warnings, there were still many that continued to use the legacy authentication method.
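The authentication-policy setup described above, as an added example that is not from Microsoft's guidance or the original article. The policy names, the admin account and the service mailbox are placeholders, and IMAP stands in for whichever protocol the exception account actually needs.

```powershell
# Added example. All names and addresses below are placeholders.
# Requires the ExchangeOnlineManagement module and an Exchange admin role.
$Admin       = 'admin@contoso.example'
$LegacyUser  = 'legacy-scanner@contoso.example'   # account known to need Basic Auth
$BlockPolicy = 'Block Basic Auth'
$ImapPolicy  = 'Allow Basic Auth - IMAP only'

Connect-ExchangeOnline -UserPrincipalName $Admin

# 1. A policy created with no -AllowBasicAuth* switches blocks Basic Auth
#    for every protocol it covers.
New-AuthenticationPolicy -Name $BlockPolicy

# 2. A narrow exception policy: Basic Auth stays possible for IMAP only.
New-AuthenticationPolicy -Name $ImapPolicy -AllowBasicAuthImap

# 3. Attach the exception to the one account that needs it.
Set-User -Identity $LegacyUser -AuthenticationPolicy $ImapPolicy

# 4. Make the blocking policy the tenant default, so every account without
#    an explicit policy is denied Basic Auth.
Set-OrganizationConfig -DefaultAuthenticationPolicy $BlockPolicy

# 5. Invalidate the account's existing tokens so the policy applies now
#    rather than after the cached tokens expire.
Set-User -Identity $LegacyUser -STSRefreshTokensValidFrom $([System.DateTime]::UtcNow)

# 6. Review: which protocols each policy allows, and who holds an exception.
Get-AuthenticationPolicy | Format-List Name, AllowBasicAuth*
Get-User -ResultSize Unlimited |
    Where-Object { $_.AuthenticationPolicy } |
    Select-Object UserPrincipalName, AuthenticationPolicy
```

The output of step 6 is the list to keep short: every account on it remains reachable by password spraying over the allowed protocol.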
News URL
https://go.theregister.com/feed/www.theregister.com/2022/10/04/microsoft_exchange_password_spray/