VMHOSTS NEWS

What is a Password Spray Attack?

A Chinese botnet of over 130,000 devices has recently been detected attacking M365 accounts, using outdated (legacy) authentication to run a password spray attack.

Password spray attacks are a type of brute-force attack, but they work differently from the traditional kind. Instead of trying many passwords against a single account, the attacker tries a few common passwords across many accounts, staying below the failed-attempt threshold that would trigger an account lockout. Combined with legacy authentication protocols, which cannot enforce MFA, this sidesteps much of the M365 platform's protection, including MFA and lockout policies. If an attacker gains access to just one account, they can often move laterally and reach email, sensitive documents, and even cloud storage!

Signs Your M365 Account Is Being Targeted

Small businesses need to be aware of the warning signs:

  • Multiple failed login attempts from different locations – If you notice login attempts from various geographic regions where you don’t operate, that’s a red flag.
  • Unusual login patterns – If users report login notifications from unfamiliar places, an attacker may be testing passwords.
  • Unexpected account lockouts – Some users may experience account lockouts due to repeated failed attempts.
  • Access attempts during odd hours – Attackers often work during non-business hours to avoid detection.

Monitoring for signs such as these is critical to keeping your M365 environment secure.
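The warning signs above translate directly into detection logic. As an added example (not code from the original post), the following Python sketch runs over constructed records shaped like Entra ID sign-in log entries and separates a spray (many accounts, a few guesses each, from one source) from a single-account brute force, noting whether legacy protocols were used and whether any account then succeeded from the same source. The field names, thresholds and sample data are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Entra ID sign-in logs report "Invalid username or password" as error code 50126;
# these client app names are legacy protocols that cannot enforce MFA.
LEGACY_CLIENT_APPS = {"IMAP4", "POP3", "Authenticated SMTP", "Exchange ActiveSync", "Other clients"}

def _event(ts, upn, ip, app, code):
    return {"createdDateTime": ts, "userPrincipalName": upn, "ipAddress": ip,
            "clientAppUsed": app, "errorCode": code}

# Constructed sample (not real data) in the shape of Entra ID sign-in log fields.
SAMPLE_SIGNINS = (
    # spray: one IP, twelve accounts, two guesses each, over IMAP
    [_event(f"2025-01-10T02:{m:02d}:00Z", f"user{i}@example.com", "203.0.113.10", "IMAP4", 50126)
     for m in (1, 2) for i in range(1, 13)]
    # classic brute force: fifteen guesses against a single account through the browser
    + [_event("2025-01-10T02:03:00Z", "ceo@example.com", "198.51.100.7", "Browser", 50126)] * 15
    # a success from the spraying IP after the guesses: the account to treat as compromised
    + [_event("2025-01-10T02:05:00Z", "user3@example.com", "203.0.113.10", "IMAP4", 0)]
)

def detect_password_spray(events, window=timedelta(hours=1), min_accounts=10, max_per_account=3):
    """Flag IPs whose failures hit many accounts with few guesses each; a single-account
    brute force is deliberately not matched, since account lockout already catches it."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ipAddress"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        failed = [e for e in evs if e["errorCode"] != 0]
        if not failed:
            continue
        times = sorted(datetime.fromisoformat(e["createdDateTime"].replace("Z", "+00:00")) for e in failed)
        if times[-1] - times[0] > window:
            continue  # simplification: the whole burst must fit in one window
        per_account = defaultdict(int)
        for e in failed:
            per_account[e["userPrincipalName"]] += 1
        if len(per_account) < min_accounts or max(per_account.values()) > max_per_account:
            continue
        alerts.append({
            "ip": ip,
            "accounts_targeted": len(per_account),
            "legacy_auth": any(e["clientAppUsed"] in LEGACY_CLIENT_APPS for e in failed),
            # a success from the same IP once the spray has started is the signal to act on first
            "accounts_succeeded": sorted({e["userPrincipalName"] for e in evs if e["errorCode"] == 0}),
        })
    return alerts
```

On the sample data the brute-force IP produces no alert, while the spraying IP is flagged with twelve targeted accounts, legacy authentication in use, and one account that subsequently signed in successfully.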

How To Protect Against Password Spray Attacks?

Because of the way password spray attacks work, there are certain key methods to protect against them:

  • Enforce strong password policies – by avoiding weak passwords you remove one of the vectors this type of attack relies on. Combined with MFA, this gives you a solid base level of security.
  • Leverage M365 features – Conditional Access lets you set rules that help mitigate attacks and ensure only valid logins succeed.
  • Smart Lockout policies – these let you block suspicious locations and IP addresses.
  • Risk-based authentication – detects risky logins and prompts for further verification.
  • Remove legacy authentication – if you don’t need POP3 and IMAP, disable them!
  • Educate employees – the people on the front line are the first line of defence!
