
The Download
A massive botnet of more than 130,000 compromised devices is running large-scale password-spraying attacks against Microsoft 365 accounts. The attacks ride on noninteractive sign-ins: authentications performed by client applications or operating system components on a user's behalf, using previously established credentials, with no prompt shown to the user. Noninteractive sign-ins are not an authentication protocol in themselves, but many of them still arrive over basic (legacy) authentication, which cannot enforce MFA, and Entra ID records them in a separate log that many security teams never wire into alerting. That combination lets attackers spread a few password guesses across a large number of accounts, at high volume, while staying below the thresholds defenders usually watch on interactive sign-ins.
What You Can Do
To defend against these stealthy attacks, IT administrators should disable basic (legacy) authentication in the tenant and block it with a Conditional Access policy, so that only modern authentication (OAuth 2.0 with token-based access) is accepted. Noninteractive sign-ins themselves cannot simply be switched off, because legitimate clients depend on them; the goal is to make sure every one of them goes through a protocol on which MFA and Conditional Access actually apply. Enforcing multi-factor authentication (MFA) for all users then removes most of the value of a correctly guessed password. Regularly reviewing sign-in logs, including the separate noninteractive sign-in log, is essential: the fingerprint of a spray is a single IP address failing against many distinct accounts within a short window, roughly one attempt per account, often over a legacy client, sometimes followed by a success from the same address. Enforcing strong password policies (including a banned-password list, since sprays rely on common passwords) and educating users about unique, complex passwords further reduces the chance that any single guess lands.
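To make the monitoring step concrete, here is an added example (not ThreatMate's code and not from the original post) that runs a password-spray check over sign-in records shaped like Microsoft Entra ID sign-in log entries. The records are constructed for this illustration and flattened for readability (the real log nests the result under status.errorCode); the field names createdDateTime, userPrincipalName, ipAddress, clientAppUsed and isInteractive follow the Entra sign-in log schema, 50126 is Entra's "invalid username or password" error code, and the set of legacy client names is an assumption drawn from common clientAppUsed values. The check flags any IP that fails against at least a threshold number of distinct accounts inside a sliding window, reports the attempts-per-account ratio that distinguishes a spray from a brute-force, and lists accounts where a success from the same IP followed the failures.

```python
"""Password-spray detection over Microsoft Entra ID sign-in records (added example).

Records are flattened: the real log nests the result as status.errorCode.
All sample events below are constructed for this illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

BAD_PASSWORD = 50126  # Entra ID error code: invalid username or password
SUCCESS = 0           # Entra ID error code: sign-in succeeded

# clientAppUsed values that indicate basic (legacy) authentication; assumed list.
LEGACY_CLIENTS = {
    "Other clients", "IMAP4", "POP3", "Authenticated SMTP", "Exchange ActiveSync",
    "Exchange Web Services", "MAPI Over HTTP", "Autodiscover",
    "Outlook Anywhere (RPC over HTTP)",
}


def _ev(t, user, ip, code, client="Other clients", interactive=False):
    """Build one flattened sign-in record (helper for the constructed sample)."""
    return {"createdDateTime": t, "userPrincipalName": user, "ipAddress": ip,
            "clientAppUsed": client, "isInteractive": interactive, "errorCode": code}


# Constructed sample: one spraying IP, one clumsy legitimate user, one IP below threshold.
SAMPLE_EVENTS = [
    # Spray: six accounts, one guess each, noninteractive over a legacy client, then a hit.
    _ev("2025-02-24T02:00:05Z", "a.ali@example.com",   "203.0.113.7", BAD_PASSWORD),
    _ev("2025-02-24T02:03:11Z", "b.chen@example.com",  "203.0.113.7", BAD_PASSWORD),
    _ev("2025-02-24T02:06:40Z", "c.diaz@example.com",  "203.0.113.7", BAD_PASSWORD),
    _ev("2025-02-24T02:10:02Z", "d.evans@example.com", "203.0.113.7", BAD_PASSWORD),
    _ev("2025-02-24T02:13:55Z", "e.fox@example.com",   "203.0.113.7", BAD_PASSWORD),
    _ev("2025-02-24T02:17:29Z", "f.kahn@example.com",  "203.0.113.7", BAD_PASSWORD),
    _ev("2025-02-24T02:18:03Z", "f.kahn@example.com",  "203.0.113.7", SUCCESS),
    # Benign: one user mistypes a password twice in a browser, then gets in.
    _ev("2025-02-24T08:30:00Z", "g.lopez@example.com", "198.51.100.20", BAD_PASSWORD, "Browser", True),
    _ev("2025-02-24T08:30:20Z", "g.lopez@example.com", "198.51.100.20", BAD_PASSWORD, "Browser", True),
    _ev("2025-02-24T08:30:45Z", "g.lopez@example.com", "198.51.100.20", SUCCESS, "Browser", True),
    # Below threshold: three accounts from one IP, two hours apart each.
    _ev("2025-02-24T09:00:00Z", "h.mori@example.com",  "192.0.2.9", BAD_PASSWORD),
    _ev("2025-02-24T11:00:00Z", "i.nair@example.com",  "192.0.2.9", BAD_PASSWORD),
    _ev("2025-02-24T13:00:00Z", "j.ortiz@example.com", "192.0.2.9", BAD_PASSWORD),
]


def parse_time(s):
    """Parse the ISO 8601 timestamp used by the sign-in log (trailing Z means UTC)."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def detect_password_spray(events, window=timedelta(minutes=60), min_users=5):
    """Return {ip: finding} for IPs that failed bad-password against >= min_users
    distinct accounts within any `window`-long sliding interval.

    Each finding carries the spray fingerprint (distinct accounts, total attempts,
    attempts per account, legacy/noninteractive flags) and the accounts for which a
    success from the same IP followed the start of the spray window."""
    failures = defaultdict(list)   # ip -> [(time, user, client, interactive)]
    successes = defaultdict(list)  # ip -> [(time, user)]
    for e in events:
        t = parse_time(e["createdDateTime"])
        if e["errorCode"] == BAD_PASSWORD:
            failures[e["ipAddress"]].append(
                (t, e["userPrincipalName"], e["clientAppUsed"], e["isInteractive"]))
        elif e["errorCode"] == SUCCESS:
            successes[e["ipAddress"]].append((t, e["userPrincipalName"]))

    findings = {}
    for ip, fails in failures.items():
        fails.sort()  # chronological, so each window starts at a failure and looks forward
        best_users, best_start = set(), None
        for i, (t0, _, _, _) in enumerate(fails):
            users = {u for t, u, _, _ in fails[i:] if t - t0 <= window}
            if len(users) > len(best_users):
                best_users, best_start = users, t0
        if len(best_users) < min_users:
            continue
        all_users = {u for _, u, _, _ in fails}
        compromised = sorted({u for t, u in successes[ip]
                              if u in best_users and t >= best_start})
        findings[ip] = {
            "distinct_users": len(best_users),
            "attempts": len(fails),
            # ~1.0 means one guess per account (spray); large values mean brute force.
            "attempts_per_user": round(len(fails) / len(all_users), 2),
            "legacy_client": any(c in LEGACY_CLIENTS for _, _, c, _ in fails),
            "noninteractive": all(not inter for _, _, _, inter in fails),
            "window_start": best_start.isoformat(),
            "compromised": compromised,
        }
    return findings


if __name__ == "__main__":
    for ip, finding in detect_password_spray(SAMPLE_EVENTS).items():
        print(ip, finding)
```

In a real tenant the input would come from an export of the Entra ID noninteractive sign-in log (for example via the Microsoft Graph sign-in API or a Log Analytics workspace); the point of the `noninteractive` and `legacy_client` flags is that a flagged IP with both set is exactly the pattern described above, and any non-empty `compromised` list should trigger an immediate password reset and session revocation for those accounts.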
ThreatMate analyzes M365 tenants for security risks. Sign up for a demo today!
To Learn More: