Attackers are using HTTP client tools to carry out advanced account takeover (ATO) attacks against Microsoft 365. Seventy-eight percent of Microsoft 365 tenants have been targeted by such attacks, reflecting the shifting tactics of threat actors. HTTP client tools are software that lets a user send HTTP requests to web servers and receive the responses.
ATO attacks leveraging HTTP clients by volume of affected user-accounts (JAN – DEC 2024).
These tools enable customization of request methods (like GET, POST, PUT, DELETE), headers, and payloads, making them useful for both legitimate and malicious activities.
In February 2018, Proofpoint researchers found a widespread campaign targeting Microsoft 365 environments that used an unusual version of the OkHttp client (‘okhttp/3.2.0’).
Proofpoint researchers observed that a nearly four-year campaign targeted high-value individuals, particularly C-level executives and privileged users.
Volume of Node Fetch based account takeover attacks, by targeted vertical (JUN-DEC 2024).
Attackers used user enumeration to find valid email addresses before launching spear phishing and password spraying attacks.
Since 2018, HTTP clients have been key in account takeover (ATO) attacks. By early 2024, OkHttp variants were popular, but by March 2024, a wider variety of HTTP clients emerged.
A recent campaign using the Axios HTTP client successfully compromised 43% of targeted user accounts. When combined with Adversary-in-the-Middle (AiTM) platforms like Evilginx, Axios can be used to steal credentials, MFA tokens, and session tokens.
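The two patterns described above (successful sign-ins from programmatic HTTP client User-Agents, and one source address failing against many distinct accounts as in password spraying) can be checked against sign-in telemetry. The following is an added example, not code from the report; the sign-in records are constructed, and the User-Agent prefixes for Axios and Node Fetch are assumed defaults (only 'okhttp/3.2.0' is quoted in the report).

```python
import re
from collections import defaultdict

# Constructed Microsoft 365 sign-in records (not real log data).
SIGNINS = [
    {"user": "ceo@example.com", "ip": "203.0.113.10", "ua": "okhttp/3.2.0", "status": "success"},
    {"user": "cfo@example.com", "ip": "203.0.113.10", "ua": "okhttp/3.2.0", "status": "failure"},
    {"user": "hr@example.com",  "ip": "203.0.113.10", "ua": "okhttp/3.2.0", "status": "failure"},
    {"user": "it@example.com",  "ip": "203.0.113.10", "ua": "okhttp/3.2.0", "status": "failure"},
    {"user": "ceo@example.com", "ip": "198.51.100.7", "ua": "axios/1.6.0",  "status": "success"},
    {"user": "dev@example.com", "ip": "192.0.2.5",
     "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0", "status": "success"},
    {"user": "svc@example.com", "ip": "192.0.2.9",    "ua": "node-fetch",   "status": "failure"},
]

# Assumed User-Agent prefixes for the HTTP client libraries named in the report.
HTTP_CLIENT_UA = re.compile(r"^(okhttp|axios|node-fetch)(/|$)", re.IGNORECASE)


def is_http_client_ua(ua: str) -> bool:
    """True when the User-Agent is a programmatic HTTP client rather than a browser."""
    return bool(HTTP_CLIENT_UA.match(ua.strip()))


def successful_client_signins(events):
    """Successful sign-ins from HTTP client UAs: the ATO outcome worth alerting on."""
    return [e for e in events if e["status"] == "success" and is_http_client_ua(e["ua"])]


def spray_sources(events, min_users=3):
    """Source IPs whose failures span >= min_users distinct accounts (spray pattern)."""
    failed = defaultdict(set)
    for e in events:
        if e["status"] == "failure":
            failed[e["ip"]].add(e["user"])
    return {ip: sorted(users) for ip, users in failed.items() if len(users) >= min_users}


if __name__ == "__main__":
    for e in successful_client_signins(SIGNINS):
        print(f"ALERT ATO candidate: {e['user']} from {e['ip']} via {e['ua']}")
    for ip, users in spray_sources(SIGNINS).items():
        print(f"ALERT spray source: {ip} failed against {users}")
```

Real deployments would read these fields from the tenant's sign-in logs and tune the distinct-account threshold to the environment's normal failure rate.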