Proofpoint reports an alarming rise in account takeover (ATO) attacks on Microsoft 365 that use legitimate HTTP client tools such as Axios and Node Fetch. Originally sourced from repositories like GitHub, these tools facilitate brute-force methods and Adversary-in-the-Middle attacks. A staggering 78% of Microsoft 365 tenants faced such attacks by mid-2024, peaking in May with millions of hijacked residential IPs. The attackers use advanced techniques, including creating new mailbox rules and registering OAuth applications, to maintain persistent access and evade detection.
Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover (ATO) attacks on Microsoft 365 environments.
In May 2024, these attacks peaked, leveraging millions of hijacked residential IPs to target cloud accounts.
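A defender-side illustration of the pattern described above, added here and not taken from Proofpoint's report: it flags accounts where a sign-in by an Axios or Node Fetch user agent succeeds and is then followed by a mailbox rule or OAuth application registration. The event schema, field names, one-hour window and sample events are constructed assumptions, not a real Microsoft 365 log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical normalized schema
# (not a real Microsoft 365 export); IPs are documentation ranges.
EVENTS = [
    {"ts": "2024-05-14T08:00:01", "user": "alice@example.com", "type": "signin", "ok": False, "ua": "axios/1.7.2"},
    {"ts": "2024-05-14T08:00:04", "user": "alice@example.com", "type": "signin", "ok": False, "ua": "axios/1.7.2"},
    {"ts": "2024-05-14T08:00:09", "user": "alice@example.com", "type": "signin", "ok": False, "ua": "axios/1.7.2"},
    {"ts": "2024-05-14T08:00:15", "user": "alice@example.com", "type": "signin", "ok": True, "ua": "axios/1.7.2"},
    {"ts": "2024-05-14T08:10:00", "user": "alice@example.com", "type": "mailbox_rule_created"},
    {"ts": "2024-05-14T09:00:00", "user": "bob@example.com", "type": "signin", "ok": True, "ua": "Mozilla/5.0 (Windows NT 10.0)"},
    {"ts": "2024-05-14T09:05:00", "user": "bob@example.com", "type": "mailbox_rule_created"},
    {"ts": "2024-05-14T10:00:00", "user": "carol@example.com", "type": "signin", "ok": False, "ua": "node-fetch/1.0"},
    {"ts": "2024-05-14T11:00:00", "user": "dave@example.com", "type": "signin", "ok": True, "ua": "node-fetch/1.0"},
    {"ts": "2024-05-14T14:30:00", "user": "dave@example.com", "type": "oauth_app_registered"},
]

HTTP_CLIENT_UA = re.compile(r"^(axios|node-fetch)\b", re.I)  # clients named on the page
PERSISTENCE = {"mailbox_rule_created", "oauth_app_registered"}  # hypothetical event types
WINDOW = timedelta(hours=1)  # assumed correlation window

def find_suspected_ato(events):
    """Map user -> findings: HTTP-client sign-in success, then persistence within WINDOW."""
    failures = defaultdict(int)   # failed HTTP-client sign-ins seen so far per user
    foothold = {}                 # user -> time of latest successful HTTP-client sign-in
    findings = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        user = e["user"]
        if e["type"] == "signin" and HTTP_CLIENT_UA.search(e.get("ua", "")):
            if e["ok"]:
                foothold[user] = ts
                findings[user].append(f"http_client_signin_success after {failures[user]} failures")
            else:
                failures[user] += 1
        elif e["type"] in PERSISTENCE and user in foothold:
            if ts - foothold[user] <= WINDOW:
                findings[user].append(e["type"])
    return dict(findings)

if __name__ == "__main__":
    for user, items in find_suspected_ato(EVENTS).items():
        print(user, items)
```

A success with zero preceding failures is still reported, since an Adversary-in-the-Middle session would not show a brute-force run first.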