HTTP Hijinks: Microsoft 365 Under Siege by Crafty Cybercriminals

Cybercriminals are getting crafty, using legitimate HTTP client tools for Microsoft 365 account takeovers. Axios HTTP client attacks boast a 43% success rate, bypassing multi-factor authentication with ease. Meanwhile, Node Fetch brute-force attacks spray passwords like confetti but hit the mark just 2% of the time. Who knew hacking could be so… hit or miss?

Hot Take:

Looks like cybercriminals have mastered the art of using everyday HTTP clients for chaos, turning your trusty web tools into the Swiss Army knives of mischief! These digital pranksters are so crafty, they might just be the next MacGyver of the cyber world, except they’re not saving the day… they’re definitely ruining it.

Key Points:

  • 78% of Microsoft 365 tenants faced account takeover (ATO) attempts using HTTP clients in 2024.
  • Attackers are leveraging common HTTP client tools for brute-force and AiTM attacks.
  • Axios HTTP client boasts a 43% success rate in bypassing multi-factor authentication (MFA).
  • Node Fetch client led to 13 million login attempts, focusing on the education sector.
  • Cybercriminals are targeting weaker security in student accounts.

The Nimble Nerd