Taking advantage of recent stolen credential dumps, attackers have been exploiting legacy protocols like IMAP to engage in high-volume password-spraying campaigns for the purpose of breaking into companies’ cloud accounts, researchers at Proofpoint are reporting.
Used by email clients to retrieve messages from a server, IMAP (Internet Message Access Protocol) is an ideal protocol to abuse because it circumvents multi-factor authentication protections, Proofpoint explains in a March 14 blog post from its Information Protection Research team.
From September 2018 through February 2019, Proofpoint conducted a six-month study that analyzed over 100,000 unauthorized logins across millions of monitored cloud user-accounts. The company found that 60 percent of Microsoft Office 365 and G Suite tenants were targeted with IMAP-based password-spraying attacks, while 25 percent were successfully breached in this manner.
Please register to continue.
Already registered? Log in.
Once you register, you’ll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.