
What is a Password Spray Attack?

A Chinese botnet of over 130,000 devices has been detected to be attacking M365 accounts recently using outdated authentication for a Password Spray attack.

Password spray attacks are a type of brute-force attack, but they work differently from the traditional form. Instead of trying many passwords against a single account, attackers try a few common passwords across many accounts, staying below the failure threshold on each one. This lets them slip past traditional controls such as account lockout policies. Combined with legacy authentication protocols, which cannot enforce MFA, they bypass most of the M365 platform's protection, including MFA and lockout policies. If an attacker gains access to just one account, they can often move laterally and reach email, sensitive documents, and even cloud storage!

Signs Your M365 Account Is Being Targeted

Small businesses need to be aware of the warning signs:

  • Multiple failed login attempts from different locations – If you notice login attempts from various geographic regions where you don’t operate, that’s a red flag.
  • Unusual login patterns – If users report login notifications from unfamiliar places, an attacker may be testing passwords.
  • Unexpected account lockouts – Some users may experience account lockouts due to repeated failed attempts.
  • Access attempts during odd hours – Attackers often work during non-business hours to avoid detection.

Monitoring for signs such as these is critical to ensuring your M365 environment remains secure.
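The warning signs above can be checked mechanically against sign-in logs. The script below is an added example, not code from the original post or from VMHOSTS: it groups sign-in records by source IP and flags the spray signature (many distinct accounts, each with only a handful of failures), then annotates the finding with the other indicators from the list: locations seen, failures outside business hours, legacy protocols in use, and any account that succeeded after failing from the same source. The records are constructed inline in the shape of Entra ID sign-in log entries; the legacy client-app names, the 08:00 to 17:59 business-hours window and the thresholds are assumptions you would tune for your own tenant.

```python
"""Password-spray detection over M365 / Entra ID sign-in records (added example)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample records. Field names follow the Entra sign-in log (userPrincipalName,
# ipAddress, location, clientAppUsed, status.errorCode, createdDateTime); values are made up.
# Error code 50126 is Entra's "invalid username or password"; 0 is a successful sign-in.
SAMPLE_SIGNINS = [
    # Spray source: one IP tries a single guess against many accounts over IMAP at 02:00.
    *[
        {"createdDateTime": f"2025-03-01T02:{i:02d}:00Z", "userPrincipalName": f"user{i}@example.com",
         "ipAddress": "203.0.113.10", "location": "Unknown", "clientAppUsed": "IMAP4",
         "status": {"errorCode": 50126}}
        for i in range(12)
    ],
    # One of the sprayed accounts then signs in successfully from the same IP.
    {"createdDateTime": "2025-03-01T02:15:00Z", "userPrincipalName": "user5@example.com",
     "ipAddress": "203.0.113.10", "location": "Unknown", "clientAppUsed": "IMAP4",
     "status": {"errorCode": 0}},
    # Benign noise: one user mistypes their own password three times from the office, then succeeds.
    *[
        {"createdDateTime": f"2025-03-01T09:0{i}:00Z", "userPrincipalName": "alice@example.com",
         "ipAddress": "198.51.100.7", "location": "GB", "clientAppUsed": "Browser",
         "status": {"errorCode": 50126}}
        for i in range(3)
    ],
    {"createdDateTime": "2025-03-01T09:04:00Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "198.51.100.7", "location": "GB", "clientAppUsed": "Browser",
     "status": {"errorCode": 0}},
]

# Assumed set of clientAppUsed values that indicate legacy (non-MFA-capable) authentication.
LEGACY_CLIENT_APPS = {"IMAP4", "POP3", "Authenticated SMTP", "Exchange ActiveSync", "Other clients"}
BUSINESS_HOURS = range(8, 18)  # assumed local business hours, 08:00 to 17:59 (log times are UTC)


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamp used in the sign-in log."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect_password_spray(signins, min_accounts=5, max_failures_per_account=3):
    """Return one finding per source IP whose failures look like a password spray.

    Spray signature: at least `min_accounts` distinct accounts failed from the IP, and each
    of those accounts saw no more than `max_failures_per_account` failures (low and wide,
    which is exactly what keeps a spray under per-account lockout thresholds).
    """
    by_ip = defaultdict(list)
    for record in signins:
        by_ip[record["ipAddress"]].append(record)

    findings = []
    for ip, records in by_ip.items():
        failures = [r for r in records if r["status"]["errorCode"] != 0]
        failures_per_account = defaultdict(int)
        for r in failures:
            failures_per_account[r["userPrincipalName"]] += 1

        low_and_wide = [u for u, n in failures_per_account.items() if n <= max_failures_per_account]
        if len(low_and_wide) < min_accounts:
            continue  # normal users mistyping their own password do not trip this

        # Earliest failure per account, so a later success from the same IP can be spotted.
        first_failure = {}
        for r in sorted(failures, key=lambda r: r["createdDateTime"]):
            first_failure.setdefault(r["userPrincipalName"], r["createdDateTime"])
        later_successes = sorted({
            r["userPrincipalName"] for r in records
            if r["status"]["errorCode"] == 0
            and r["userPrincipalName"] in first_failure
            and r["createdDateTime"] > first_failure[r["userPrincipalName"]]
        })

        findings.append({
            "ipAddress": ip,
            "locations": sorted({r["location"] for r in records}),
            "distinctAccountsFailed": len(failures_per_account),
            "failuresPerAccountMax": max(failures_per_account.values()),
            "legacyProtocols": sorted({r["clientAppUsed"] for r in records
                                       if r["clientAppUsed"] in LEGACY_CLIENT_APPS}),
            "offHoursFailures": sum(1 for r in failures
                                    if parse_ts(r["createdDateTime"]).hour not in BUSINESS_HOURS),
            "accountsLaterSucceeded": later_successes,
        })
    return findings


if __name__ == "__main__":
    for finding in detect_password_spray(SAMPLE_SIGNINS):
        print(finding)
```

Against the sample data this reports the 203.0.113.10 source only: twelve accounts failed once each, all outside business hours, all over IMAP4, and user5 signed in afterwards, which is the account you would investigate and reset first. The office user with three failures from one IP is ignored, which is the point of keying the signature on distinct accounts rather than on raw failure counts. The same grouping runs unchanged over a JSON export of the tenant's sign-in log.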

How To Protect Against Password Spray Attacks?

Because of the way password spray attacks work, there are certain key methods to protect against them:

  • Enforce Strong Password Policies – by avoiding weak, commonly guessed passwords you remove one of the vectors this attack depends on. Combined with MFA you have a great base level of security.
  • Leverage M365 features – Conditional Access allows you to set rules which help mitigate attacks and ensure only valid logins work.
  • Smart Lockout policies – allow you to block locations and IPs which are suspicious.
  • Risk-Based Authentication – allows you to detect risky logins and prompt for further verification.
  • Remove legacy authentication – if you don’t need POP3 and IMAP, disable them!
  • Educate Employees – the people on the front line are the first line of defence!

👉 Contact Us if you want a free M365 security health check!
