
Title: High-Speed Hackers Target Microsoft Passwords: Stay Vigilant

Brace yourself, folks! Security experts have issued a warning about a worrying trend: hackers employing lightning-fast brute-force password attacks targeting Microsoft 365 accounts. Here's the lowdown on how to stay protected.

Unleashing the Unfettered Spirit of Microsoft 365: A Casual yet Informative Dive

As Microsoft 365 users grapple with the news of three undiscovered Windows vulnerabilities being exploited and an increase in Russian cyber espionage attacks against Windows users, another piece of disheartening news surfaces. Research indicates that hackers are homing in on Microsoft 365 accounts with a high-speed password attack methodology, referred to as FastHTTP. Here's what you need to know.

FastHTTP: The New Threat to Microsoft 365 Accounts

SpearTip Security Operations Center researchers identified an emerging hack attack campaign that uses the FastHTTP high-performance server and client library for the Go programming language. It appears this FastHTTP framework is being exploited to gain unauthorized access to accounts via brute-force login attempts and spamming multi-factor authentication requests. Data analyzed from a large set of Microsoft 365 tenants by SpearTip researchers Djurre Hoeksema, James Rigdon, and Benjamin Jones confirmed that FastHTTP was first observed as a user agent on January 6th, 2025.[1] The hacking attempts mainly originated from Brazil, accounting for 65% of the total, with the remaining attackers hailing from Argentina, Iraq, Pakistan, Turkey, and Uzbekistan.[1]

This revelation underscores the evolving methods employed by cybercriminals, according to Roei Sherman, Field Chief Technology Officer at Mitiga. The FastHTTP technique aims to compromise accounts through brute-force methods, rapidly iterating through numerous password combinations. These attacks are both widespread and capable of bypassing traditional security layers, often leading to successful account takeovers.[1]

Safeguarding Your Microsoft 365 Account

SpearTip researchers suggested reviewing Entra ID sign-in logs via the Azure Portal for indicators of compromise from the FastHTTP brute-force attack.[1] Additionally, Sherman advised several precautionary measures for Microsoft 365 users, including:

  1. Enable Multi-Factor Authentication (MFA).
  2. Strengthen password policies.
  3. Monitor login activity.
  4. Educate employees.
  5. Implement account lockout policies.

To further protect your Microsoft 365 account, employ industry best practices such as:

  1. Adopt Multi-Factor Authentication (MFA): Having two-factor authentication enables an additional layer of security, making it more challenging for attackers to gain access even with your password.[1][2]
  2. Utilize Strong Passwords: Encourage all users to use strong, unique passwords that steer clear of recycled passwords. Emphasize the significance of password hygiene in employee education initiatives.[1][3]
  3. Implement Conditional Access Policies: Restrict access based on criteria like device, location, and compliance controls to block or limit access from unmanaged devices.[3]
  4. Monitor for Suspicious Activity: Regularly inspect MFA devices, expunge unrecognized or suspicious devices, and monitor for signs of MFA fatigue attacks by attackers.[1][3]
  5. Use Advanced Authentication Methods: Upgrade to hardware-backed MFA like FIDO2 keys or Windows Hello for Business.[1][3]
  6. Detect and Respond to Attacks: Utilize PowerShell scripts to scan for the FastHTTP user agent efficiently.[3] Regularly execute these scripts to detect signs of targeting and conduct a prompt response. If malicious activity is discovered, expire all user sessions, reset credentials, and tighten authentication policies.[3]
  7. Educate Users: Train employees to recognize phishing scams and signs of MFA fatigue attacks.[1][2] Emphasize the importance of not reusing old passwords and of moving to strong, unique passwords.[1][3]
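
The user-agent scan from items 4 and 6, as an added example (not code from SpearTip, Microsoft or the original article) that runs over a JSON export of Entra ID sign-in logs. The sample records are constructed, and the export field names and the `Get-FastHttpSignInSummary` function name are assumptions; error code 0 marks a successful sign-in.

```powershell
# Constructed sample records shaped like an Entra ID sign-in log JSON export.
# Field names (userAgent, userPrincipalName, ipAddress, location, status.errorCode)
# are assumptions about the export; adjust them to match your own file.
$sampleJson = @'
[
  {"createdDateTime":"2025-01-06T10:00:01Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.10","userAgent":"fasthttp","location":{"countryOrRegion":"BR"},"status":{"errorCode":50126}},
  {"createdDateTime":"2025-01-06T10:00:02Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.11","userAgent":"fasthttp","location":{"countryOrRegion":"BR"},"status":{"errorCode":50053}},
  {"createdDateTime":"2025-01-06T10:00:03Z","userPrincipalName":"bob@example.com","ipAddress":"198.51.100.7","userAgent":"fasthttp","location":{"countryOrRegion":"TR"},"status":{"errorCode":50126}},
  {"createdDateTime":"2025-01-06T10:00:09Z","userPrincipalName":"bob@example.com","ipAddress":"198.51.100.7","userAgent":"fasthttp","location":{"countryOrRegion":"TR"},"status":{"errorCode":0}},
  {"createdDateTime":"2025-01-06T10:05:00Z","userPrincipalName":"carol@example.com","ipAddress":"192.0.2.44","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64)","location":{"countryOrRegion":"US"},"status":{"errorCode":0}}
]
'@

function Get-FastHttpSignInSummary {
    param([Parameter(Mandatory)][object[]]$SignIns)

    $SignIns |
        # -match is case-insensitive; records with no userAgent are skipped.
        Where-Object { $_.userAgent -match 'fasthttp' } |
        Group-Object -Property userPrincipalName |
        ForEach-Object {
            # errorCode 0 is a successful sign-in; any other code is a failure.
            $ok = @($_.Group | Where-Object { $_.status.errorCode -eq 0 })
            [pscustomobject]@{
                User      = $_.Name
                Attempts  = $_.Count
                Failures  = $_.Count - $ok.Count
                Successes = $ok.Count
                SourceIPs = @($_.Group.ipAddress | Sort-Object -Unique).Count
                Countries = @($_.Group.location.countryOrRegion | Sort-Object -Unique) -join ','
                FirstSeen = $_.Group.createdDateTime | Sort-Object | Select-Object -First 1
                # A success with this user agent means a guessed password was
                # accepted, so the account needs the response steps from item 6.
                Action    = if ($ok.Count -gt 0) { 'Expire sessions, reset credentials' } else { 'Monitor' }
            }
        } |
        Sort-Object -Property Successes, Attempts -Descending
}

# For a real export, replace $sampleJson with: Get-Content <export file> -Raw
$signIns = $sampleJson | ConvertFrom-Json
Get-FastHttpSignInSummary -SignIns $signIns | Format-Table -AutoSize
```

Accounts with a non-zero `Successes` count sort to the top, since those are the ones where a sign-in with the FastHTTP user agent was accepted.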

By adhering to these measures, you can drastically decrease the likelihood of your Microsoft 365 account falling victim to FastHTTP brute-force password attacks.

[1]: SpearTip Security Operations Center (2023). FastHTTP: Brute-Force Microsoft 365 Password Attacks. https://www.speartip.co/resources/fasthttp-brute-force-microsoft-365-password-attacks/

[2]: Microsoft (2021). Protect Your Microsoft 365 Account with Multi-Factor Authentication. https://docs.microsoft.com/en-us/microsoft-365/security/mfa-howto-register-enroll/?WT.mc_id=M365-99591-MTB_Promo_MFA_ENUS

[3]: Microsoft (2020). Implement Conditional Access and Password Protection Policies to Protect Your Users. https://docs.microsoft.com/en-us/microsoft-365/security/conditional-access/conditional-access-permissions-policy-settings?WT.mc_id=M365-91691-MTB_FAQ_PolicySettings

  1. The FastHTTP brute-force attack against Microsoft 365 accounts is a significant concern, as it uses high-speed password attempts to hack Microsoft 365 passwords.
  2. To combat the FastHTTP attack, Microsoft 365 users should enable Multi-Factor Authentication (MFA), strengthen password policies, monitor login activity, and implement account lockout policies.
  3. Microsoft strongly recommends the adoption of Multi-Factor Authentication (MFA) to provide an additional layer of security, using strong, unique passwords, and implementing conditional access policies for enhanced account protection.
  4. In response to the FastHTTP attack, Microsoft suggests using PowerShell scripts to scan for the FastHTTP user agent, regularly detecting signs of targeting, and promptly responding to any malicious activity.
