Attackers Increase Use of HTTP Clients for Account Takeovers

Jan. 30, 2025
Attackers Increase Use of HTTP Clients for Account Takeovers
  1. Home
  2. News
  3. Attackers Increase Use of HTTP Clients for Account Takeovers

Cybercriminals have been observed increasingly leveraging legitimate HTTP client tools to execute account takeover (ATO) attacks on Microsoft 365 environments.

Recent findings from Proofpoint reveal that 78% of Microsoft 365 tenants faced at least one ATO attempt in 2024 utilizing a distinct HTTP client. This marks a 7% rise in such attacks compared to the previous six months.

Evolution of HTTP-Based Attacks

Proofpoint researchers have observed a long-term trend of attackers repurposing widely available HTTP client tools to execute malicious activities. These tools, originally designed for web development and automation, are now being used for brute-force attacks and adversary-in-the-middle (AiTM) techniques.

In 2018, attackers used an uncommon OkHttp client version (okhttp/3.2.0) in a sustained campaign lasting nearly four years. By 2021, this method peaked at tens of thousands of monthly attacks before declining. Since early 2024, newer HTTP clients, such as python-request and Axios, have become more prominent.

Read more on HTTP-based security threats: HTTP/S DDoS Attacks Soar 487% in Three Years

Axios HTTP Client High Success Rates

One of the most effective recent attack methods involves the Axios HTTP client, which integrates AiTM techniques to bypass multi-factor authentication (MFA). Axios-based attacks have a success rate of 43% – significantly higher than traditional brute-force attempts.

Key attack steps include:

  • Credential theft via email phishing and reverse proxy tools
  • Account takeover using stolen credentials and MFA tokens
  • Post-compromise actions such as modifying mailbox rules, exfiltrating data and registering OAuth applications for persistent access

Node Fetch and Large-Scale Brute-Force Attacks

Another campaign employs the Node Fetch client to conduct brute-force password spraying attacks. Since June 2024, this method has generated over 13 million login attempts, averaging 66,000 a day. Despite its scale, the success rate remains low at just 2%.

Attackers primarily target student accounts in the education sector, exploiting their relatively weaker security. Over 3000 organizations and 178,000 user accounts have been targeted since mid-2024.

Tags:

No tags.

JikGuard.com, a high-tech security service provider focusing on game protection and anti-cheat, is committed to helping game companies solve the problem of cheats and hacks, and providing deeply integrated encryption protection solutions for games.

Explore Features>>

Top

Top Mobile Game Security: Essential Solutions to Protect Your Game
Top Mobile Game Security: Essential Solutions to Protect Your Game
May 7, 2025
None
Mastering String Encryption: Protect Your Games from Hackers
May 7, 2025
None
JNI Protection in Games
May 7, 2025
None
Bungie's content cycling on Destiny 2 causes legal kerfuffle in plagiarism suit
May 6, 2025
None
NCSoft invests in TX-based studio founded by id, Naughty Dog alums
May 6, 2025

Tags

Featured BlogsTop StoriesLayoffsBlogsCultureFeaturesGenerative AIGDC 2024Horror GamesUnityUbisoftValveStaff BlogOmdia | Game Industry AnalysisGame Developer EssentialsState of the Game Industry ReportGame Developer's 2024 Wrap-Up: Top Games Devs and TrendsGame Developer CollectiveAudioDesignerSpotlight SeriesDeep Divesunity encryption[Company] UnityArtist[Company] Xbox[Company] PlayStationCooking GamesAnti-modifierGame SecurityRootRoot detectionAssetbundle encryptionGodotCareer adviceQ&A'sGameGuardianModifierAnti-RootSignature verificationUnity Hardeningab package encryptioniOS resource encryptionCECheat EngineAnti-CrackingGame Anti-HackingAnti-Hacking

Recent

Top Mobile Game Security: Essential Solutions to Protect Your Game
Top Mobile Game Security: Essential Solutions to Protect Your Game
May 7, 2025
None
Mastering String Encryption: Protect Your Games from Hackers
May 7, 2025
None
JNI Protection in Games
May 7, 2025
None
Bungie's content cycling on Destiny 2 causes legal kerfuffle in plagiarism suit
May 6, 2025
None
NCSoft invests in TX-based studio founded by id, Naughty Dog alums
May 6, 2025
None
Microsoft's Q3 report shows slight Xbox growth as fresh price hikes loom
May 2, 2025
None
GTA VI has been delayed until 2026 but now has an actual release date
May 2, 2025
None
Vox sells Polygon to Valnet in a blow to video game market
May 2, 2025
None
Compulsion Games boss: Generative AI usage 'is not mandated' at Xbox
May 2, 2025
None
'It was really wearing people down:' The funding challenges that followed 'runaway success' Another Crab's Treasure
May 1, 2025

Popular

None
Xbox is increasing hardware prices and bumping first-party titles to $80
May 1, 2025
None
Report: Russia aims to seize assets of former Wargaming subsidiary Lesta Studio
April 30, 2025
None
Report: EA lays off hundreds of workers after canceling games at Respawn Entertainment
April 30, 2025
None
'We are frustrated:' ZeniMax union workers continue to pressure Microsoft over contract negotiations
April 30, 2025
None
Unity Protection: Comprehensive Strategies for Securing Your Game
April 29, 2025
None
Game Anti-Repackaging: The Ultimate Protection for Developers and Publishers
April 29, 2025
None
Game SSL Pinning: A Vital Shield for Unreal Engine Cheat Protection
April 29, 2025
None
Roblox, Discord sued for 'facilitating the sexual exploitation' of a minor
April 29, 2025
None
Journey developer thatgamecompany to co-host game jam with $10,000 prize pool
April 28, 2025
None
Unreal Engine Protection: Ensuring Game Security and Preventing Cheating
April 27, 2025

Random

None
Microsoft's Q3 report shows slight Xbox growth as fresh price hikes loom
May 2, 2025
None
Report: Russia aims to seize assets of former Wargaming subsidiary Lesta Studio
April 30, 2025
None
Tenderfoot Tactics developer pulls title from Xbox to support pro-Palestine boycott
April 25, 2025
None
Report: Meta has laid off over 100 Reality Labs employees
April 25, 2025
None
GTA VI has been delayed until 2026 but now has an actual release date
May 2, 2025
None
Exploring Memory Protection in Gaming: Key Techniques and Solutions
April 27, 2025
None
Journey developer thatgamecompany to co-host game jam with $10,000 prize pool
April 28, 2025
None
IO Interactive co-founder launches new 'consensus'-driven studio
April 25, 2025
None
App Shield: The Ultimate Solution for Mobile Game Protection
April 24, 2025
None
Nintendo tells customers in Japan to expect Switch 2 hardware shortage at launch
April 23, 2025

Most Views

None
Game Code Obfuscation: Essential Techniques and Tools for Developers
April 24, 2025
None
Anti Decompile: The Ultimate Game Protection Strategy
April 24, 2025
None
App Shield: The Ultimate Solution for Mobile Game Protection
April 24, 2025
None
Top-Rated App Protect Solutions for Mobile Game Developers: Ensure Security and Fair Play
April 24, 2025
None
Discord names former Activision Blizzard and King exec as its new CEO
April 24, 2025
None
Huge donation will help The Strong preserve the history of defunct Saints Row developer Volition
April 24, 2025
None
The Big Con developer Mighty Yell confirms layoffs
April 24, 2025
None
Top Mobile App Security Solution: Protecting Your Applications in 2025
April 23, 2025
None
Steam users will soon be able to search for games based on accessibility features
April 23, 2025
None
Nintendo tells customers in Japan to expect Switch 2 hardware shortage at launch
April 23, 2025