Hackers are using HTTP client tools for advanced account takeover attacks on Microsoft 365. Seventy-eight percent of Microsoft 365 tenants have been targeted by attacks, showing the changing tactics of threat actors. HTTP client tools are software that allows users to send HTTP requests and receive responses from web servers.
[Figure: ATO attacks leveraging HTTP clients, by volume of affected user accounts (Jan – Dec 2024).]
These tools enable customization of request methods (like GET, POST, PUT, DELETE), headers, and payloads, making them useful for both legitimate and malicious activities.
In February 2018, Proofpoint researchers found a widespread campaign targeting Microsoft 365 environments that used an unusual version of the OkHttp client (‘okhttp/3.2.0’).
Proofpoint researchers observed that a nearly four-year campaign targeted high-value individuals, particularly C-level executives and privileged users.
[Figure: Volume of Node Fetch based account takeover attacks, by targeted vertical (Jun – Dec 2024).]
Attackers used user enumeration to find valid email addresses before launching spear phishing and password spraying attacks.
Since 2018, HTTP clients have been key in account takeover (ATO) attacks. By early 2024, OkHttp variants were popular, but by March 2024, a wider variety of HTTP clients emerged.
A recent campaign using the Axios HTTP client successfully compromised 43% of targeted user accounts. When combined with Adversary-in-the-Middle (AiTM) platforms like Evilginx, Axios can steal credentials, MFA tokens, and session tokens.
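A defender can triage sign-in logs for the client families named above. The following is an added example, not code from the article or from Proofpoint; the event field names (`user`, `ip`, `ua`, `ok`), the threshold and the sample events are constructed assumptions.

```python
import re
from collections import defaultdict

# HTTP client families named in the article; any version suffix is tolerated.
HTTP_CLIENT_RE = re.compile(r"\b(okhttp|axios|node-fetch)\b", re.I)

# Constructed sample sign-in events (field names are assumptions, not a real log schema).
SAMPLE_EVENTS = [
    {"user": "ceo@example.com", "ip": "203.0.113.10", "ua": "okhttp/3.2.0", "ok": False},
    {"user": "cfo@example.com", "ip": "203.0.113.10", "ua": "okhttp/3.2.0", "ok": False},
    {"user": "it-admin@example.com", "ip": "203.0.113.10", "ua": "okhttp/3.2.0", "ok": False},
    {"user": "cfo@example.com", "ip": "198.51.100.7", "ua": "axios/1.7.2", "ok": False},
    {"user": "cfo@example.com", "ip": "198.51.100.7", "ua": "axios/1.7.2", "ok": True},
    {"user": "ceo@example.com", "ip": "192.0.2.5",
     "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/126.0 Safari/537.36", "ok": True},
    {"user": "hr@example.com", "ip": "198.51.100.9", "ua": "node-fetch", "ok": False},
]

def client_family(ua):
    """Return 'okhttp', 'axios' or 'node-fetch' if the user agent names one, else None."""
    m = HTTP_CLIENT_RE.search(ua or "")
    return m.group(1).lower() if m else None

def triage(events, spray_threshold=3):
    """Split HTTP-client sign-ins into spray-like sources and successes to review.

    The user agent is set by the client, so a match is a triage signal to
    correlate with IP, location and session data, not proof of compromise.
    """
    failed_users = defaultdict(set)  # (ip, family) -> accounts with failed sign-ins
    successes = []                   # successful sign-ins from an HTTP client
    for e in events:
        family = client_family(e["ua"])
        if family is None:
            continue  # browser or other client: out of scope for this check
        if e["ok"]:
            successes.append((e["user"], e["ip"], family))
        else:
            failed_users[(e["ip"], family)].add(e["user"])
    # One source failing against many distinct accounts looks like spraying/enumeration.
    sprays = {src: sorted(users) for src, users in failed_users.items()
              if len(users) >= spray_threshold}
    return sprays, successes

if __name__ == "__main__":
    sprays, successes = triage(SAMPLE_EVENTS)
    print("spray-like sources:", sprays)
    print("successful HTTP-client sign-ins to review:", successes)
```

Successful sign-ins from these clients deserve the first look, since interactive users normally authenticate from a browser or an official app.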