Educause Security Discussion mailing list archives

Re: Brute Force Attacks On Microsoft O365’s IMAP (Symptom: Account Lockouts)?


From: Joseph Tam <tam () MATH UBC CA>
Date: Wed, 13 Feb 2019 13:39:19 -0800

On Tue, 12 Feb 2019, Thomas Abraham (Campus Consortium) wrote:

We are starting to get a lot of calls for help recently from our
members on brute force attacks on their Microsoft O365's IMAP login
service.  Are others experiencing this?

Every second of every day of the year.  There are easy countermeasures
with varying amounts of efficacy and tradeoffs.  Authentication failure
delays (but not lockout!).  Preemptive blacklistings for troublesome
networks *cough*ChinaNet*cough* with mitigation measures like VPN.
Selective blacklists (e.g. blocklist.de).  Dynamic blacklisting (failure
logs, hooks within your application, etc.)

All bets are off if it's a distributed BFD.

Joseph Tam <tam () math ubc ca>
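
An added example, not part of the original message: a sketch of the dynamic blacklisting from failure logs mentioned above, plus a per-account count of distinct source IPs to surface the distributed case, which is answered with a login delay rather than a lockout. The log format, thresholds and all names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an assumed format:
#   <ISO time> imap-login <OK|FAIL> user=<name> rip=<source ip>
SAMPLE_LOG = "\n".join(
    # one host hammering one account
    [f"2019-02-13T10:00:{s:02d} imap-login FAIL user=alice rip=198.51.100.7"
     for s in range(0, 50, 10)]
    # distributed: one failure each from four hosts against one account
    + [f"2019-02-13T10:01:{n:02d} imap-login FAIL user=bob rip=203.0.113.{n}"
       for n in range(1, 5)]
    + ["2019-02-13T10:02:00 imap-login OK user=carol rip=192.0.2.10"])

WINDOW = timedelta(minutes=5)   # sliding window (assumed value)
IP_THRESHOLD = 5                # failures from one IP in WINDOW -> block the IP
USER_IP_THRESHOLD = 4           # distinct failing IPs per user -> delay logins

def parse(line):
    """Return (timestamp, user, ip) for a failure line, else None."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "FAIL":
        return None
    return (datetime.fromisoformat(parts[0]),
            parts[3].partition("=")[2], parts[4].partition("=")[2])

def analyze(log_text):
    """Return (ips_to_block, users_to_throttle) from the failure log."""
    per_ip = defaultdict(deque)     # ip   -> failure timestamps in window
    per_user = defaultdict(deque)   # user -> (timestamp, ip) in window
    blocked, throttled = set(), set()
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue
        ts, user, ip = event
        hits = per_ip[ip]
        hits.append(ts)
        while ts - hits[0] > WINDOW:
            hits.popleft()
        if len(hits) >= IP_THRESHOLD:
            blocked.add(ip)
        seen = per_user[user]
        seen.append((ts, ip))
        while ts - seen[0][0] > WINDOW:
            seen.popleft()
        # Per-IP counting misses this case: many sources, few tries each.
        if len({src for _, src in seen}) >= USER_IP_THRESHOLD:
            throttled.add(user)     # slow this account's logins, do not lock it
    return blocked, throttled
```

On the sample input the single noisy host is blocked, while the account hit from four hosts is only flagged for delay because no individual source crosses the per-IP threshold.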

