
Microsoft 365 account takeovers increasingly facilitated by HTTP clients


More threat actors have been exploiting HTTP client tools in account takeover attacks against Microsoft 365 environments, with over three-quarters of Microsoft 365 tenants subjected to at least one such intrusion between July and December, reports The Hacker News.

Intrusions leveraging the Axios HTTP client successfully breached 43% of high-profile user accounts in the transportation, finance, IT, healthcare, and construction sectors from June to November, according to a Proofpoint analysis. Separately, at least 13 million login attempts have been made since early June in a widespread password spraying campaign involving the Go Resty and Node Fetch clients. Despite its scale, that campaign, which has mainly been aimed at the education sector, impacted only 2% of targeted organizations, the report found.

"Given this trend, attackers are likely to continue switching between HTTP client tools, adapting strategies to leverage new technologies and evade detection, reflecting a broader pattern of constant evolution to enhance their effectiveness and minimize exposure," said Proofpoint security researcher Anna Akselevich.
