Cybercriminals Exploit Legitimate HTTP Clients in Password Attacks

Cybercriminals are increasingly utilizing legitimate HTTP client tools, such as Go Resty and Node Fetch, to conduct account takeover (ATO) attacks on Microsoft 365 environments. This trend highlights a growing sophistication in the methods employed by attackers, as they leverage widely-used software to bypass security measures.
Recent Observations by Proofpoint
Enterprise security company Proofpoint has reported a rise in campaigns that utilize HTTP clients like Axios and Node Fetch. These tools enable attackers to send HTTP requests and receive responses from web servers, facilitating their ATO efforts.
Key Points
- Cybercriminals are using legitimate tools to conduct ATO attacks.
- HTTP clients such as Go Resty, Axios, and Node Fetch are being exploited.
- Proofpoint has documented these malicious campaigns targeting Microsoft 365 environments.
- The use of legitimate software complicates detection and prevention efforts.
Conclusion
The increasing use of legitimate HTTP clients by cybercriminals underscores the need for enhanced security measures in enterprise environments. Organizations must remain vigilant and adapt their defenses to counteract these evolving threats.




