Password-spraying attacks abuse IMAP to break into targets’ cloud accounts

Taking advantage of recent stolen credential dumps, attackers have been exploiting legacy protocols like IMAP to engage in high-volume password-spraying campaigns for the purpose of breaking into companies’ cloud accounts, researchers at Proofpoint are reporting.

Used by email clients to retrieve messages from a server, IMAP (Internet Message Access Protocol) is an ideal protocol to abuse because it circumvents multi-factor authentication protections, Proofpoint explains in a March 14 blog post from its Information Protection Research team.

From September 2018 through February 2019, Proofpoint conducted a six-month study that analyzed over 100,000 unauthorized logins across millions of monitored cloud user-accounts. The company found that 60 percent of Microsoft Office 365 and G Suite tenants were targeted with IMAP-based password-spraying attacks, while 25 percent were successfully breached in this manner.

Please register to continue.

Already registered? Log in.

Once you register, you’ll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.

Next post in Security News

Next Post

Leave a Reply

Your email address will not be published. Required fields are marked *

Login to your account below

Fill the forms bellow to register

Retrieve your password

Please enter your username or email address to reset your password.