
Hackers are compromising Office 365 and G Suite accounts using IMAP protocol

According to cybersecurity specialists, in collaboration with an ethical hacker from the International Institute of Cyber Security, malicious hackers are showing special interest in abusing legitimate protocols to increase the frequency and effectiveness of brute force attacks.

This abuse has focused primarily on the IMAP protocol (Internet Message Access Protocol), which lets attackers bypass multi-factor authentication and the account-blocking options for unsuccessful logins.

According to the ethical hacker, this new brute-force campaign takes a different approach to deploying attacks that rely on combinations of user names and passwords. After analyzing a sample of more than 100k unauthorized login attempts on different platforms, the researchers reached conclusions such as:

  • 70% of users have been attacked by malicious hackers at least once
  • At least 40% of users have one of their online accounts compromised
  • 15 out of every 10k active user accounts have been successfully compromised

The main goal of the hackers is to deploy internal phishing campaigns to gain persistence in the systems of the attacked organization. Internal phishing is much more difficult to detect than external phishing, the ethical hacking expert mentioned.

Hackers will try to gain login access to victims' cloud accounts, and then rely on the internal phishing campaign to spread the infection throughout the systems. The researchers mentioned that most of these unauthorized logins originated from IP addresses in countries such as Nigeria, China, Brazil, South Africa, and the United States.

Abuse of the IMAP protocol increased notably between October 2018 and February 2019, the specialists mentioned. In addition, experts say the success rate of these attacks has increased considerably, reaching around 40%; it is estimated that at least 60% of Office 365 and G Suite users have been attacked during the last six months.

According to the ethical hacker, during these campaigns the attackers also resort to tools like Tor or VPN nodes to preserve their anonymity.
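For defenders, the pattern described above (one source trying user name and password combinations over IMAP, where multi-factor authentication and lockouts do not apply) can be looked for in sign-in logs. The following is an added example, not part of the original article: the log format, sample records, function names, and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (not from the article):
# timestamp, user, source IP, client protocol, result
SAMPLE_LOG = """\
2019-02-01T10:00:05Z alice@example.com 203.0.113.7 IMAP FAIL
2019-02-01T10:00:09Z bob@example.com 203.0.113.7 IMAP FAIL
2019-02-01T10:00:14Z carol@example.com 203.0.113.7 IMAP FAIL
2019-02-01T10:00:20Z dave@example.com 203.0.113.7 IMAP OK
2019-02-01T10:03:00Z erin@example.com 198.51.100.4 IMAP FAIL
2019-02-01T10:03:30Z erin@example.com 198.51.100.4 IMAP OK
2019-02-01T10:05:00Z alice@example.com 192.0.2.10 BROWSER OK
"""

def parse(log_text):
    """Yield (time, user, ip, protocol, result) tuples from the sample format."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than guess their meaning
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        yield (ts, *parts[1:])

def find_imap_bruteforce(log_text, min_users=3, window=timedelta(minutes=10)):
    """Flag source IPs whose IMAP logins fail for >= min_users distinct accounts
    within `window`, and list the accounts that IP logged in to successfully."""
    events = defaultdict(list)
    for ts, user, ip, proto, result in parse(log_text):
        if proto == "IMAP":  # legacy protocol: MFA is not enforced here
            events[ip].append((ts, user, result))
    alerts = {}
    for ip, evs in events.items():
        evs.sort()
        for i, (start, _, _) in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - start <= window]
            failed = {u for _, u, r in in_window if r == "FAIL"}
            if len(failed) >= min_users:
                ok = sorted({u for _, u, r in in_window if r == "OK"})
                alerts[ip] = {"failed_users": sorted(failed), "succeeded": ok}
                break  # one alert per source IP is enough
    return alerts

if __name__ == "__main__":
    for ip, detail in find_imap_bruteforce(SAMPLE_LOG).items():
        print(ip, detail)
```

An account listed under `succeeded` for a flagged source is a candidate for password reset and mailbox review, since a login from that source followed failures against several other users.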
