
Hackers Launch Massive Botnet Assault On Microsoft 365 Accounts!

The Rise of the Botnet

The newly discovered botnet, which has been dubbed “Eclipse,” has already made headlines for its sheer scale and sophistication. With over 130,000 compromised devices, it is one of the largest botnets ever identified. The Eclipse botnet is not just a collection of individual devices; it is a coordinated network of compromised systems that work together to carry out a specific set of malicious activities.

The Attack Vector: Non-Interactive Sign-Ins

The Eclipse botnet exploits a lesser-known authentication method called Non-Interactive Sign-Ins (NIS). NIS is a feature that allows users to sign in to Microsoft 365 without entering a password. This method is often used by administrators to manage devices remotely or by users who have set up two-factor authentication (2FA) but still need to access their accounts occasionally.

These sectors are more vulnerable due to the complexity of their systems and the large number of users. Password spraying is a common attack vector for attackers to gain unauthorized access to sensitive information.

What is Password Spraying?

Password spraying is a type of cyber attack where an attacker uses a large number of stolen or compromised credentials to test multiple accounts simultaneously. The goal is to find a valid password that can be used to gain unauthorized access to a system, network, or application.

How Does Password Spraying Work?

Password spraying combines stolen credentials with automated tools to test multiple accounts in a short period. The attacker works from a list of stolen credentials, which can be obtained from sources such as data breaches, phishing attacks, or compromised devices, and uses automated tools to spray those credentials across multiple accounts, often using a brute-force approach. The attacker may try username and password combinations against many accounts, and may use a list of common passwords or password patterns to increase the chances of success.

Phasing out Basic Authentication poses significant security risks worldwide.

SecurityScorecard’s Alert

SecurityScorecard, a leading provider of security risk management solutions, has issued a warning to security teams worldwide. The company’s alert is focused on reviewing Non-Interactive Sign-In logs for potential unauthorised access. This warning comes as Microsoft announces its plan to phase out Basic Authentication by September 2025.
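One way to carry out the log review SecurityScorecard recommends, as an added example that is not from the article or from SecurityScorecard: the script groups failed non-interactive sign-ins by source IP and flags an IP whose failures hit several distinct accounts in a short window. Field names follow the Microsoft Graph signIn resource; the records, the threshold and the window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BAD_PASSWORD = 50126  # Entra ID error code: invalid username or password

def rec(ts, upn, ip, code, interactive=False):
    """Build one record shaped like a Microsoft Graph signIn entry."""
    return {"createdDateTime": ts, "userPrincipalName": upn, "ipAddress": ip,
            "isInteractive": interactive, "status": {"errorCode": code}}

# Constructed sample data (documentation IP ranges, made-up accounts).
SAMPLE = [
    rec("2025-02-20T10:00:05Z", "alice@example.com", "203.0.113.7", 50126),
    rec("2025-02-20T10:00:41Z", "bob@example.com", "203.0.113.7", 50126),
    rec("2025-02-20T10:01:13Z", "carol@example.com", "203.0.113.7", 50126),
    rec("2025-02-20T10:02:30Z", "dave@example.com", "203.0.113.7", 0),
    rec("2025-02-20T10:03:00Z", "erin@example.com", "198.51.100.9", 50126),
    rec("2025-02-20T10:03:10Z", "erin@example.com", "198.51.100.9", 50126),
    rec("2025-02-20T10:04:00Z", "frank@example.com", "203.0.113.7", 50126, True),
]

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def find_spray(records, min_users=3, window=timedelta(minutes=10)):
    """Flag source IPs whose non-interactive sign-ins failed with a bad
    password for at least min_users distinct accounts inside one window."""
    by_ip = defaultdict(list)
    for r in records:
        if not r["isInteractive"]:  # keep only non-interactive sign-ins
            by_ip[r["ipAddress"]].append((parse_ts(r["createdDateTime"]),
                                          r["userPrincipalName"], r["status"]["errorCode"]))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        fails = [(t, u) for t, u, c in events if c == BAD_PASSWORD]
        sprayed, start = set(), 0
        for end in range(len(fails)):  # sliding window over the failures
            while fails[end][0] - fails[start][0] > window:
                start += 1
            users = {u for _, u in fails[start:end + 1]}
            if len(users) >= min_users:
                sprayed |= users
        if sprayed:
            # A success from the same IP after its first failure needs triage.
            wins = sorted({u for t, u, c in events if c == 0 and t >= fails[0][0]})
            findings[ip] = {"targets": sorted(sprayed), "succeeded": wins}
    return findings

if __name__ == "__main__":
    print(find_spray(SAMPLE))
```

Repeated failures against a single account, like the second IP in the sample, are not flagged, because the rule counts distinct accounts per source.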

Why is this a concern? Basic Authentication is a widely used authentication protocol that relies on username and password combinations. However, it has several security vulnerabilities that make it an attractive target for attackers. SecurityScorecard’s alert is a reminder that these vulnerabilities can be exploited to gain unauthorised access to systems and data.

How does Basic Authentication work?
