Microsoft Warns Of Rise In Password Spray Attacks Aimed At High Privilege Accounts
Password spray attacks differ from what we typically think of when it comes to 'hacking passwords'. Most of the time, what comes to mind is a straight "brute force" method, where everything but the kitchen sink is thrown at a single account. The problem (for hackers, anyway) is that this will often lock out the user, prompting a password reset; the good news is that it locks out the hacker as well. But things are a bit more methodical with these password spray attacks.
The more important part of the warning from Microsoft DART is regarding who is being targeted. Hint—it's not the custodian or office administrator, it's the people with access to the money-making details. Those in positions with access to financials of any kind or any other confidential data for these companies are key targets. Because of this, Microsoft is recommending that everyone using a business account enable MFA if possible. And on second thought, EVERYONE who logs into ANYTHING that has their personal or financial data needs to be using MFA. This practice should now be as common as locking your home when you're away.
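Added example, not part of the original article: a password spray tries a few common passwords across many accounts so that no single account reaches lockout, which means detection has to count failed sign-ins per source rather than per account. The log format, thresholds, account names and addresses below are constructed assumptions.

```python
from collections import defaultdict

# Assumed policy values for this sketch; tune them to your own lockout settings.
LOCKOUT_THRESHOLD = 5   # failures on one account that would trigger a lockout
SPRAY_MIN_ACCOUNTS = 4  # distinct accounts failed from one source to flag a spray
PRIVILEGED = frozenset({"cfo", "it-admin"})  # constructed high-privilege accounts

# Constructed sample sign-in log: "timestamp source_ip account result"
SAMPLE_LOG = """\
2024-01-15T09:00:01Z 203.0.113.10 alice FAIL
2024-01-15T09:00:02Z 203.0.113.10 alice FAIL
2024-01-15T09:00:03Z 203.0.113.10 alice FAIL
2024-01-15T09:00:04Z 203.0.113.10 alice FAIL
2024-01-15T09:00:05Z 203.0.113.10 alice FAIL
2024-01-15T09:10:00Z 198.51.100.7 alice FAIL
2024-01-15T09:40:00Z 198.51.100.7 bob FAIL
2024-01-15T10:10:00Z 198.51.100.7 carol FAIL
2024-01-15T10:40:00Z 198.51.100.7 cfo FAIL
2024-01-15T11:10:00Z 198.51.100.7 it-admin FAIL
2024-01-15T11:15:00Z 192.0.2.44 bob FAIL
2024-01-15T11:15:20Z 192.0.2.44 bob SUCCESS
"""


def classify_sources(log, privileged=PRIVILEGED):
    """Return {source_ip: finding} for sources that look like brute force or spray."""
    failures = defaultdict(lambda: defaultdict(int))  # source -> account -> failures
    for line in log.strip().splitlines():
        _ts, src, account, result = line.split()
        if result == "FAIL":
            failures[src][account] += 1
    findings = {}
    for src, per_account in failures.items():
        if max(per_account.values()) >= LOCKOUT_THRESHOLD:
            verdict = "brute_force"      # many guesses at one account: lockout fires
        elif len(per_account) >= SPRAY_MIN_ACCOUNTS:
            verdict = "password_spray"   # few guesses each, many accounts: no lockout
        else:
            continue                     # ordinary mistyped password
        findings[src] = {
            "verdict": verdict,
            "accounts": sorted(per_account),
            "privileged_hit": sorted(set(per_account) & privileged),
        }
    return findings


if __name__ == "__main__":
    for src, finding in classify_sources(SAMPLE_LOG).items():
        print(src, finding)
```

The sample ignores time; in practice the counts would be taken over a sliding window long enough to cover attempts spaced well apart.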