<ul><li>A botnet of 130,000+ devices is targeting Microsoft 365 (M365) accounts through password-spraying attacks, bypassing multi-factor authentication.</li><li>The attackers exploit basic authentication, allowing them to steal credentials transmitted in plain form.</li><li>The password-spray attacks are recorded in Non-Interactive Sign-In logs, often overlooked by security teams, enabling attackers to conduct high-volume attempts undetected.</li><li>SecurityScorecard advises affected organizations to rotate credentials and reassess their authentication strategies to combat these ongoing botnet attacks.</li></ul>

A large botnet targets M365 accounts with password spraying attacks

Discover more