
Massive attacks bypass MFA on Office 365 and G Suite accounts via IMAP Protocol

March 18, 2019

By: mirabiliscorp

 

Threat actors targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA).

Over the past months, threat actors have targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA).

Experts at Proofpoint conducted a study of massive attacks against accounts of major cloud services. They noticed that attackers leverage legacy protocols and credential dumps to increase the efficiency of massive brute force attacks.

“Attacks against Office 365 and G Suite cloud accounts using IMAP are difficult to protect against with multi-factor authentication, where service accounts and shared mailboxes are notably vulnerable,” reads the study published by Proofpoint. “At the same time, targeted, intelligent brute force attacks brought a new approach to traditional password-spraying, employing common variations of the usernames and passwords exposed in large credential dumps to compromise accounts.”

The experts analyzed over one hundred thousand unauthorized logins across millions of monitored cloud user-accounts. Key findings from the study:

  • 72% of tenants were targeted at least once by threat actors  
  • 40% of tenants had at least one compromised account in their environment  
  • Over 2% of active user-accounts were targeted by malicious actors 
  • 15 out of every 10,000 active user-accounts were successfully breached by attackers 

The attackers’ primary goal is to carry out internal phishing, especially when the initial target does not have the access needed to transfer money or data. Access to a cloud account could be exploited by attackers for lateral movement and to expand footholds within an organization via internal phishing and internal BEC. Experts observed that compromised accounts are also used to launch external attacks.
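For defenders, the password-spraying pattern over IMAP described above can be hunted for in sign-in logs. The following is an added example, not code from Proofpoint or from this blog; the CSV column layout, the `find_imap_spraying` name, the threshold and the sample records are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample sign-in records (not real data). The column layout is an
# assumption; map it to whatever your mail or identity provider exports.
SAMPLE_LOG = """time,src_ip,user,protocol,result
2019-03-01T08:00:01,198.51.100.7,alice@example.com,IMAP,failure
2019-03-01T08:00:03,198.51.100.7,bob@example.com,IMAP,failure
2019-03-01T08:00:05,198.51.100.7,carol@example.com,IMAP,failure
2019-03-01T08:00:07,198.51.100.7,dave@example.com,IMAP,failure
2019-03-01T08:00:09,198.51.100.7,svc-scan@example.com,IMAP,success
2019-03-01T09:12:40,203.0.113.20,erin@example.com,IMAP,failure
2019-03-01T09:12:55,203.0.113.20,erin@example.com,IMAP,success
2019-03-01T09:30:00,198.51.100.7,frank@example.com,WEB,failure
"""


def find_imap_spraying(log_text, min_users=4):
    """Flag sources that tried at least min_users distinct accounts over IMAP.

    Returns {src_ip: {"targeted": set_of_users, "compromised": set_of_users}},
    where "compromised" holds accounts the same source logged in to over IMAP.
    """
    failed = defaultdict(set)     # src_ip -> users with a failed IMAP login
    succeeded = defaultdict(set)  # src_ip -> users with a successful IMAP login
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["protocol"].upper() != "IMAP":
            continue  # only the legacy protocol the article says sidesteps MFA
        bucket = failed if row["result"] == "failure" else succeeded
        bucket[row["src_ip"]].add(row["user"].lower())

    findings = {}
    for ip, failed_users in failed.items():
        targeted = failed_users | succeeded[ip]
        # One user mistyping a password stays below the threshold; a source
        # cycling through many mailboxes does not.
        if len(targeted) >= min_users:
            findings[ip] = {"targeted": targeted, "compromised": succeeded[ip]}
    return findings


if __name__ == "__main__":
    for ip, hit in find_imap_spraying(SAMPLE_LOG).items():
        print(ip, "targeted:", sorted(hit["targeted"]),
              "compromised:", sorted(hit["compromised"]))
```

Any account listed under `compromised` warrants a password reset and a review of mailbox rules and sent mail, since the article notes that breached accounts are used for internal phishing.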

More: https://securityaffairs.co/wordpress/82480/hacking/imap-protocol-attacks.html
