Author Topic: Multi-Factor Auth Bypassed in Office 365 and G Suite IMAP Attacks  (Read 57 times)

Offline Antus67

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 3626
    • View Profile
By Sergiu Gatlan



Massive IMAP-based password-spraying attacks successfully breached Microsoft Office 365 and G Suite accounts protected with multi-factor authentication (MFA) according to an analysis by Proofpoint.

This technique takes advantage of the fact that the legacy authentication IMAP protocol bypasses MFA, allowing malicious actors to perform credential stuffing attacks against assets that would have been otherwise protected.

As noted by Proofpoint's Information Protection Research Team in a recent report, during a "recent six-month study of major cloud service tenants, Proofpoint researchers observed massive attacks leveraging legacy protocols and credential dumps to increase the speed and effectiveness of brute force account compromises at scale."

Full Article Here:https://www.bleepingcomputer.com/news/security/multi-factor-auth-bypassed-in-office-365-and-g-suite-imap-attacks/
Vipre Advance Security
VoodooShield 4.7.2
Trojan Remover