Microsoft: Password Spray Attacks Targeting Exchange Online – Petri.com

Rabia Noureen
Oct 5, 2022
Microsoft has released an advisory to warn Exchange Online users about increasing password spray attacks. The company has recommended that enterprise customers set up authentication policies to protect users and sensitive information in their organizations.
Microsoft started disabling Basic Authentication support for Exchange Online customers on October 1, 2022. The legacy authentication method is being removed for MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), IMAP, POP, and Remote PowerShell protocols.
However, this change doesn’t affect SMTP Authentication, allowing customers to continue using multi-function devices, scripts, and programs for sending emails via Exchange Online. Microsoft believes that the deprecation of Basic Authentication should prevent password spray attacks that commonly target popular protocols.
“A password spray attack is a type of brute force attack in which the attacker tries a large number of usernames with a list of common passwords against a target system to see if any will work. It’s often hard to detect as the username keeps changing; accounts don’t get locked because the account being attacked is changing,” the Exchange Online team explained.
Microsoft plans to gradually turn off Basic Authentication for all tenants by the end of this year. The company recommends that customers switch to Modern Authentication (OAuth 2.0) as soon as possible. Modern Authentication provides access to various security tools like smart cards, mobile access management, and certificate-based authentication.
Microsoft is urging customers that have yet to disable Basic Authentication to configure Exchange Online authentication policies. These policies ensure that Basic Authentication is enabled only for select accounts with specific protocols (such as SMTP and IMAP).
For instance, IT admins can use Azure AD sign-in reports to find accounts that use Basic Authentication with IMAP. Once those accounts are identified, admins can create an authentication policy that lets those employees use Basic Authentication with the same protocol. It is important to note that some applications (such as Outlook) use multiple protocols, so administrators will need to create a combination of policies.
Microsoft notes that this technique will help IT admins to focus on a limited set of accounts and block sophisticated credential stealing attempts. “Because we are not disabling SMTP Auth, and SMTP is one of the most frequently attacked protocols, you should make it a priority to set up an Authentication Policy for SMTP and limit your attack surface,” Microsoft added.
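The following Python sketch is an added example, not code from Microsoft or from this article. It runs over constructed sign-in records to show the two checks described above: listing which accounts still sign in successfully over each legacy protocol (the candidates for a per-protocol authentication policy), and flagging a source whose failures are spread across many accounts with few tries each, the pattern that stays under per-account lockout. The field names, client app values, and thresholds are assumptions.

```python
from collections import defaultdict

# Legacy client values are assumptions modeled on a sign-in report export.
LEGACY_APPS = {"IMAP4", "POP3", "Authenticated SMTP"}

def rec(user, ip, app, ok):
    return {"user": f"{user}@contoso.example", "ip": ip, "client_app": app, "success": ok}

# Constructed sample sign-ins (documentation IP ranges, made-up accounts).
SIGNINS = (
    # One source, one failed try against each of five different accounts.
    [rec(u, "203.0.113.7", "Authenticated SMTP", False)
     for u in ("alice", "bob", "carol", "dave", "erin")]
    # Repeated failures against a single account: lockout handles this case.
    + [rec("frank", "198.51.100.9", "IMAP4", False)] * 6
    + [rec("scanner", "192.0.2.10", "Authenticated SMTP", True),
       rec("gina", "192.0.2.20", "IMAP4", False),   # mistyped password
       rec("gina", "192.0.2.20", "IMAP4", True),
       rec("alice", "192.0.2.30", "Browser", True)]  # modern auth, ignored
)

def basic_auth_users(signins):
    """Map each legacy protocol to the accounts that succeeded with it."""
    by_proto = defaultdict(set)
    for s in signins:
        if s["client_app"] in LEGACY_APPS and s["success"]:
            by_proto[s["client_app"]].add(s["user"])
    return {proto: sorted(users) for proto, users in by_proto.items()}

def spray_sources(signins, min_users=4, max_per_user=2):
    """Flag IPs whose failures span many accounts with few tries per account.

    Thresholds are illustrative assumptions; tune them to the tenant.
    """
    fails = defaultdict(lambda: defaultdict(int))
    for s in signins:
        if not s["success"]:
            fails[s["ip"]][s["user"]] += 1
    return {
        ip: sorted(per_user)
        for ip, per_user in fails.items()
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user
    }

if __name__ == "__main__":
    print("Accounts still using Basic Authentication:", basic_auth_users(SIGNINS))
    print("Possible spray sources:", spray_sources(SIGNINS))
```

Accounts returned by `basic_auth_users` are the ones an authentication policy would need to keep working; any legacy sign-in outside that list is a candidate to block.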