Microsoft 365 Targeted by Massive Botnet in Password Spraying Attacks
Researchers have discovered a botnet of over 130,000 compromised devices that is launching password spraying attacks against Microsoft 365 accounts, most if not all of which are service accounts. Details can be found here:
https://securityscorecard.com/research/massive-botnet-targets-m365-with-stealthy-password-spraying-attacks/
Darren James, Senior Product Manager at Specops Software, commented:
“This is certainly an interesting and often overlooked attack vector, password spraying of service accounts rather than users.
Service accounts are regularly used to run business-critical systems; their passwords are rarely changed, they don’t have any type of 2FA applied, and they usually have some elevated privilege depending on their function, meaning they are a good target for attack.
We often see service accounts on our breached password and duplicate password reports when customers run our free tool Specops Password Auditor. These passwords are usually set by the IT admin who is installing the service and then never changed again, and it’s fairly common that the passwords set on these accounts aren’t strong or may have been used on other accounts in the past.
When we are discussing the results of the report, admins are always worried about making changes to service accounts as that might cause disruption to a business critical solution, but as this latest attack highlights, that approach does leave companies at risk.
Businesses should look to enforce very strong and long passwords on service accounts wherever possible, scan these accounts continuously for breached passwords, enforce the use of password vaults and randomly generated passwords for these types of accounts, or if possible, move to using a managed service account that allows the system to set, and regularly change, the passwords of service accounts without human intervention.”
Now would be a good time to change any Microsoft 365 service account passwords, because the only reason this attack is out there is that it is likely meeting with some amount of success.
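As an added illustration (not from this post or the SecurityScorecard report) of what the spray described above looks like in sign-in telemetry, the following Python flags a source IP that fails against many accounts with only a guess or two each, reports which of those accounts are service accounts, and notes whether a success from the same source followed. The event layout, IPs, account names and the service-account inventory are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real telemetry): (timestamp, source IP,
# user principal name, succeeded?). Fields loosely follow Entra ID sign-in logs.
SAMPLE_EVENTS = [
    ("2025-02-25T03:00:01Z", "203.0.113.10", "svc-backup@example.com", False),
    ("2025-02-25T03:00:05Z", "203.0.113.10", "svc-sql@example.com", False),
    ("2025-02-25T03:00:09Z", "203.0.113.10", "svc-monitor@example.com", False),
    ("2025-02-25T03:00:14Z", "203.0.113.10", "svc-print@example.com", False),
    ("2025-02-25T03:00:20Z", "203.0.113.10", "alice@example.com", False),
    ("2025-02-25T03:00:25Z", "203.0.113.10", "svc-backup@example.com", False),
    ("2025-02-25T03:00:31Z", "203.0.113.10", "svc-etl@example.com", True),
    ("2025-02-25T03:02:00Z", "198.51.100.7", "bob@example.com", False),
    ("2025-02-25T03:02:30Z", "198.51.100.7", "bob@example.com", False),
    ("2025-02-25T03:03:00Z", "198.51.100.7", "bob@example.com", True),
]
# Constructed inventory of service-account UPNs; in practice derive this from a
# naming convention or an identity governance export.
SERVICE_ACCOUNTS = {"svc-backup@example.com", "svc-sql@example.com",
                    "svc-monitor@example.com", "svc-print@example.com",
                    "svc-etl@example.com"}

def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag source IPs whose failed sign-ins inside any `window` touch at least
    `min_users` distinct accounts with at most `max_per_user` failures each.
    That shape (many accounts, few guesses each) is password spraying rather
    than brute force against one account, which this function does not flag.
    Returns {ip: {"users": [...], "service_accounts": [...], "later_success": [...]}}."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((datetime.fromisoformat(ts.replace("Z", "+00:00")), user, ok))
    findings = {}
    for ip, recs in by_ip.items():
        recs.sort()
        fails = [(t, u) for t, u, ok in recs if not ok]
        for i in range(len(fails)):
            counts = defaultdict(int)          # failures per account in this window
            for t, u in fails[i:]:
                if t - fails[i][0] > window:
                    break
                counts[u] += 1
            if len(counts) >= min_users and max(counts.values()) <= max_per_user:
                start, users = fails[i][0], sorted(counts)
                findings[ip] = {
                    "users": users,
                    "service_accounts": sorted(u for u in users if u in SERVICE_ACCOUNTS),
                    # a success from the same source after the spray began is the worst case
                    "later_success": sorted({u for t, u, ok in recs if ok and t >= start}),
                }
                break
    return findings
```

The second source in the sample (three attempts against one account) is deliberately not flagged, so the rule separates a spray from an ordinary lockout or brute-force pattern.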
This entry was posted on February 26, 2025 at 8:41 am and is filed under Commentary with tags Microsoft. You can follow any responses to this entry through the RSS 2.0 feed.