Significant Volume of Brute Force Attempts Against Ingress Authentication Sources
In the past 72 hours there has been a significant volume of brute force attempts against various ingress authentication sources (like o365 or VPN solutions).
We have seen this across all of our customers and that this activity is both typical for this time of year, as well as, we are seeing an uptick in activity which can be traced to the recent data breaches that provided the attackers with a fresh set of passwords and user data to bypass account reset controls.
As always, we are monitoring the situation, but wanted to make sure people were aware of the increased activity across the internet and recommend that you take appropriate precautions. One option would be to subscribe your domain to haveibeenpwned.com which will notify you when accounts for your organization are leaked.
Additionally, as we always recommend, make sure you are using multifactor authentication (MFA) for all ingress authentication sources for all your users, not just administrators or executives.
At DirectDefense, we pride ourselves in providing practical and realistic security strategies that assist our clients in meeting their security goals for the year. If you’d like to hear more about how we can assist you, please contact firstname.lastname@example.org.