Close Menu
Alpha Leaders
  • Home
  • News
  • Leadership
  • Entrepreneurs
  • Business
  • Living
  • Innovation
  • More
    • Money & Finance
    • Web Stories
    • Global
    • Press Release
What's On
See The Milky Way, Venus And A Full Buck Moon: July’s Night Sky

See The Milky Way, Venus And A Full Buck Moon: July’s Night Sky

1 July 2026
How Wisconsin Used Foxes And Deer To Revamp Science Education

How Wisconsin Used Foxes And Deer To Revamp Science Education

1 July 2026
From medicine to hiring, A.I. is impacting these business sectors

From medicine to hiring, A.I. is impacting these business sectors

1 July 2026
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram
Alpha Leaders
newsletter
  • Home
  • News
  • Leadership
  • Entrepreneurs
  • Business
  • Living
  • Innovation
  • More
    • Money & Finance
    • Web Stories
    • Global
    • Press Release
Alpha Leaders
Home » Microsoft Password Spray And Pray Attack Targets Accounts Without 2FA
Innovation

Microsoft Password Spray And Pray Attack Targets Accounts Without 2FA

Press RoomBy Press Room25 February 20253 Mins Read
Facebook Twitter Copy Link Pinterest LinkedIn Tumblr Email WhatsApp
Microsoft Password Spray And Pray Attack Targets Accounts Without 2FA

There are two undeniable truths in the world of cybersecurity: Microsoft is a prime target for hackers, and two-factor authentication is a hurdle they hate to encounter. A newly reported password spray and pray attack campaign exploits both these truths by only targeting Microsoft 365 accounts that are still using now deprecated basic authentication protections. Here’s what is happening and the steps your organization needs to take to mitigate the risk.

The Password Spray And Pray Attack

A botnet that comprises at least 130,000 devices that have been compromised by what is “likely a Chinese-affiliated group,” according to the SecurityScorecard researchers who have analyzed the threat, is conducting a large-scale password hacking campaign against Microsoft 365 accounts.

In order to bypass login protections such as 2FA, the attack targets non-interactive sign-ins with Basic Authentication, something long since deprecated by Microsoft precisely because of insecurity issues. “This tactic has been observed across multiple M365 tenants globally,” the researchers said, “indicating a widespread and ongoing threat.” As the attacks are recorded in those non-interactive sign-in logs, they are often overlooked by security teams, creating a security gap that enables the threat actors to conduct such high-volume spray and pray password hacking campaigns largely undetected.

“Non-interactive sign-ins, commonly used for service-to-service authentication, legacy protocols and automated processes,” SecurityScorecard said, do not trigger 2FA in many configurations. The problem being that basic authentication is still enabled in some environments which means that passwords are transmitted in plain text.

While Microsoft has been deprecating basic authentication, it won’t be until Sept. 2025 that it is fully retired, the researchers said. “Despite the ongoing deprecation, the behavior described in this report presents an immediate threat.”

Mitigating The Microsoft 365 Password Spraying Attacks

The SecurityScorecard report recommends that the botnet activity here should prompt organizations to prioritize deprecating basic authentication, proactively monitor login patterns and implement strong detection mechanisms for such password-spraying attacks. “The use of non-interactive sign-in logs to evade MFA and possibly Conditional Access Policies,” the researchers said, “underscores the need for organizations to reassess their authentication strategies.”

“The passwords are usually collected from credential dumps, which attackers access from the Dark Web,” Boris Cipot, senior security engineer at Black Duck, said; “To avoid brute-force protections, attackers limit the password testing on user accounts to prevent lockout policies.”

To lower the risk of such attacks, Cipot said, organizations must deploy access policies based on geolocation and device compliance. “To make login more secure,” Cipot concluded, “multi-factor authentication or certificate-based authentication provides an additional level of security.” So, if you don’t want the hacker’s password prayers to be answered, you know what to do.

2FA Microsoft Microsoft 2FA Microsoft 365 Microsoft Account Microsoft Basic Authentication Password Attack Password Botnet password hack Password Spraying
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link

Related Articles

See The Milky Way, Venus And A Full Buck Moon: July’s Night Sky

See The Milky Way, Venus And A Full Buck Moon: July’s Night Sky

1 July 2026
How Wisconsin Used Foxes And Deer To Revamp Science Education

How Wisconsin Used Foxes And Deer To Revamp Science Education

1 July 2026
From medicine to hiring, A.I. is impacting these business sectors

From medicine to hiring, A.I. is impacting these business sectors

1 July 2026
Anthropic Wins As Commerce Lifts Fable 5 And Mythos 5 Export Controls

Anthropic Wins As Commerce Lifts Fable 5 And Mythos 5 Export Controls

1 July 2026
Apple iOS 26.5.2 New iPhone Software: Should You Upgrade?

Apple iOS 26.5.2 New iPhone Software: Should You Upgrade?

1 July 2026
Autonomous Pharmacies Are Becoming the Next Big Thing

Autonomous Pharmacies Are Becoming the Next Big Thing

1 July 2026
Don't Miss
Unwrap Christmas Sustainably: How To Handle Gifts You Don’t Want

Unwrap Christmas Sustainably: How To Handle Gifts You Don’t Want

By Press Room27 December 2024

Every year, millions of people unwrap Christmas gifts that they do not love, need, or…

Exclusive: DeFi platform Azura launches after raising .9 million from Initialized

Exclusive: DeFi platform Azura launches after raising $6.9 million from Initialized

22 October 2024
Sam Altman’s World Wants To Scan Your Eyes To Prove You’re Human

Sam Altman’s World Wants To Scan Your Eyes To Prove You’re Human

22 October 2024
Stay In Touch
  • Facebook
  • Twitter
  • Pinterest
  • Instagram
  • YouTube
  • Vimeo
Latest Articles
The gap between A.I. hype and A.I. reality widens

The gap between A.I. hype and A.I. reality widens

1 July 20262 Views
Apple iOS 26.5.2 New iPhone Software: Should You Upgrade?

Apple iOS 26.5.2 New iPhone Software: Should You Upgrade?

1 July 20261 Views
A.I. and the growing risk of “digital redlining”

A.I. and the growing risk of “digital redlining”

1 July 20261 Views
Autonomous Pharmacies Are Becoming the Next Big Thing

Autonomous Pharmacies Are Becoming the Next Big Thing

1 July 20261 Views

Recent Posts

  • See The Milky Way, Venus And A Full Buck Moon: July’s Night Sky
  • How Wisconsin Used Foxes And Deer To Revamp Science Education
  • From medicine to hiring, A.I. is impacting these business sectors
  • Anthropic Wins As Commerce Lifts Fable 5 And Mythos 5 Export Controls
  • The gap between A.I. hype and A.I. reality widens

Recent Comments

No comments to show.
About Us
About Us

Alpha Leaders is your one-stop website for the latest Entrepreneurs and Leaders news and updates, follow us now to get the news that matters to you.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks
See The Milky Way, Venus And A Full Buck Moon: July’s Night Sky

See The Milky Way, Venus And A Full Buck Moon: July’s Night Sky

1 July 2026
How Wisconsin Used Foxes And Deer To Revamp Science Education

How Wisconsin Used Foxes And Deer To Revamp Science Education

1 July 2026
From medicine to hiring, A.I. is impacting these business sectors

From medicine to hiring, A.I. is impacting these business sectors

1 July 2026
Most Popular
Anthropic Wins As Commerce Lifts Fable 5 And Mythos 5 Export Controls

Anthropic Wins As Commerce Lifts Fable 5 And Mythos 5 Export Controls

1 July 20261 Views
The gap between A.I. hype and A.I. reality widens

The gap between A.I. hype and A.I. reality widens

1 July 20262 Views
Apple iOS 26.5.2 New iPhone Software: Should You Upgrade?

Apple iOS 26.5.2 New iPhone Software: Should You Upgrade?

1 July 20261 Views

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • March 2022
  • January 2021
  • March 2020
  • January 2020

Categories

  • Blog
  • Business
  • Entrepreneurs
  • Global
  • Innovation
  • Leadership
  • Living
  • Money & Finance
  • News
  • Press Release
© 2026 Alpha Leaders. All Rights Reserved.
  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact

Type above and press Enter to search. Press Esc to cancel.