Guardz Uncovers Advanced Cyber Campaign Targeting Microsoft Entra ID
In a recent report, Guardz, a cybersecurity firm focused on protecting small businesses and Managed Service Providers (MSPs), disclosed a coordinated campaign that abused legacy authentication in Microsoft Entra ID. Published by the Guardz Research Unit (GRU), the findings underline that authentication flows which cannot enforce multi-factor authentication (MFA) remain an actively exploited weakness.
The campaign ran from March 18 to April 7, 2025. It used older, non-interactive authentication flows to avoid MFA and gain access to cloud mailboxes and other resources. Guardz found that organizations in the financial, healthcare, manufacturing, and technology sectors were particularly exposed because they had not yet retired these legacy protocols.
The Nature of the Attack
Guardz's research identified more than 9,000 suspicious login attempts from distributed IP addresses, mainly in Eastern Europe and the Asia-Pacific region. The distribution and cadence point to an automated, coordinated effort that probed tenant defenses while seeking access to cloud resources, above all Exchange Online.
The attack occurred in two significant stages:
1. Initialization (March 18-20): low-intensity probing of around 2,709 login attempts per day.
2. Sustained Attack (March 21-April 3): volume surged to 6,444 attempts per day, a 138% increase, as the attackers intensified their efforts.
These findings point to the pressing need for organizations to modernize their cybersecurity measures, as old methods can easily be compromised by evolving threats.
Legacy Authentication Vulnerabilities
The primary focus of the campaign was Basic Authentication Version 2, Resource Owner Password Credential (BAV2ROPC): the flow in which Exchange Online accepts a username and password from a legacy protocol client and exchanges them for a token at Entra ID using the OAuth 2.0 resource owner password credentials (ROPC) grant. Because the password is handed straight to the token endpoint, there is no interactive step in which an MFA prompt can be inserted, and Conditional Access policies scoped only to browser and modern-client sign-ins never evaluate the request. Unlike an interactive login, BAV2ROPC therefore reduces account security to the strength of the password alone, which is exactly what a password-spraying or credential-stuffing campaign needs. The control that does apply is an explicit Conditional Access block on legacy authentication clients.
Dor Eisner, CEO and Co-Founder of Guardz, emphasized the implications of the findings, stating, "This campaign is a wake-up call—not just about one vulnerability, but about the broader need to retire outdated technologies that no longer serve today's threat landscape." His remarks highlight the urgent need for organizations to safeguard against such vulnerabilities, especially those at risk due to outdated infrastructure.
Recommendations for Protection
To mitigate risks associated with legacy authentication, Guardz urges all organizations to implement the following measures:
- Audit sign-in logs for legacy authentication (IMAP, POP, SMTP AUTH, Exchange ActiveSync and other non-modern clients), then disable those protocols once the remaining dependencies have been migrated.
- Enforce modern authentication and MFA on every account, including service and shared mailboxes.
- Use Conditional Access to block legacy authentication clients outright, so that ROPC-style flows cannot slip past policies written for interactive sign-ins.
- Continuously monitor for unusual login activity, in particular bursts of failed authentications across many accounts from a small set of IP addresses.
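As an added example (not Guardz's or Microsoft's code), the following Python script applies the audit, blocking and monitoring steps above to a batch of constructed Entra ID sign-in records: it separates legacy-authentication sign-ins (including the BAV2ROPC user agent) from modern ones, counts them per day, flags source IPs that sprayed many accounts, surfaces any legacy sign-in that actually succeeded, and emits the Microsoft Graph Conditional Access policy body that blocks legacy clients. The records, addresses and account names are constructed; the field names follow the Graph signIn and conditionalAccessPolicy resources, and the spray threshold of three distinct users per IP is an arbitrary assumption.

```python
"""Triage Microsoft Entra ID sign-in records for legacy-authentication
(BAV2ROPC-style) activity and build the Conditional Access policy that blocks it.

Added example, not code from Guardz or Microsoft. The sign-in records are
constructed; field names follow the Microsoft Graph `signIn` resource
(userPrincipalName, ipAddress, clientAppUsed, userAgent, createdDateTime,
status.errorCode) and the policy body follows the Graph
`conditionalAccessPolicy` resource.
"""
from collections import Counter, defaultdict
from datetime import datetime

# clientAppUsed values that Conditional Access treats as modern authentication.
# Anything else (IMAP4, POP3, Authenticated SMTP, Exchange ActiveSync,
# "Other clients", ...) is legacy authentication and cannot complete an MFA prompt.
MODERN_CLIENT_APPS = {"Browser", "Mobile Apps and Desktop clients"}

# Exchange Online forwards Basic Auth credentials to Entra ID through the ROPC
# grant and records the sign-in with this user agent.
BAV2ROPC_USER_AGENT = "BAV2ROPC"


def _signin(user, ip, client_app, user_agent, error_code, when):
    """Build one record shaped like a Graph signIn object (constructed data)."""
    return {"userPrincipalName": user, "ipAddress": ip, "clientAppUsed": client_app,
            "userAgent": user_agent, "createdDateTime": when,
            "status": {"errorCode": error_code}}


# Constructed sample batch; 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are
# documentation address ranges. Error code 50126 = invalid username or password.
SAMPLE_SIGNINS = [
    # Spray over legacy protocols: many users, one source IP, wrong passwords
    _signin("alice@example.com", "203.0.113.10", "IMAP4", "BAV2ROPC", 50126, "2025-03-18T02:10:00Z"),
    _signin("bob@example.com", "203.0.113.10", "IMAP4", "BAV2ROPC", 50126, "2025-03-18T02:10:05Z"),
    _signin("carol@example.com", "203.0.113.10", "Authenticated SMTP", "BAV2ROPC", 50126, "2025-03-18T02:10:09Z"),
    # One guess succeeds: MFA never had a chance to fire on this flow
    _signin("dave@example.com", "203.0.113.10", "Other clients", "BAV2ROPC", 0, "2025-03-19T03:00:00Z"),
    # Legitimate interactive sign-ins on modern clients (one success, one mistyped password)
    _signin("alice@example.com", "198.51.100.7", "Browser", "Mozilla/5.0 (Windows NT 10.0)", 0, "2025-03-19T08:00:00Z"),
    _signin("erin@example.com", "198.51.100.7", "Mobile Apps and Desktop clients", "Outlook", 50126, "2025-03-19T08:05:00Z"),
    # Single legacy failure from another IP: counted, but below the spray threshold
    _signin("frank@example.com", "192.0.2.44", "POP3", "BAV2ROPC", 50126, "2025-03-19T09:00:00Z"),
]


def is_legacy_auth(record):
    """True when the sign-in came through a legacy protocol or the BAV2ROPC proxy flow."""
    return (record.get("clientAppUsed") not in MODERN_CLIENT_APPS
            or record.get("userAgent") == BAV2ROPC_USER_AGENT)


def triage(records, spray_threshold=3):
    """Summarise legacy-auth activity in a batch of sign-in records.

    Returns a dict with
      legacy_count  : sign-ins that went through a legacy flow
      per_day       : legacy attempts per UTC calendar day
      spray_sources : IPs that tried at least `spray_threshold` distinct users over legacy auth
      compromised   : (user, ip) pairs where a legacy sign-in succeeded (errorCode 0)
    """
    per_day = Counter()
    users_by_ip = defaultdict(set)
    compromised = []
    legacy_count = 0
    for rec in records:
        if not is_legacy_auth(rec):
            continue
        legacy_count += 1
        when = datetime.fromisoformat(rec["createdDateTime"].replace("Z", "+00:00"))
        per_day[when.date().isoformat()] += 1
        users_by_ip[rec["ipAddress"]].add(rec["userPrincipalName"])
        if rec["status"]["errorCode"] == 0:
            compromised.append((rec["userPrincipalName"], rec["ipAddress"]))
    spray_sources = sorted(ip for ip, users in users_by_ip.items() if len(users) >= spray_threshold)
    return {"legacy_count": legacy_count, "per_day": dict(per_day),
            "spray_sources": spray_sources, "compromised": compromised}


def block_legacy_auth_policy(display_name="Block legacy authentication"):
    """Request body for POST /identity/conditionalAccess/policies.

    Targets the two client app types Conditional Access uses for legacy
    authentication and blocks them. Starts in report-only mode so the sign-in
    log shows what would be blocked; set `state` to "enabled" after review and
    put the break-glass account's object ID in `excludeUsers` before doing so.
    """
    return {
        "displayName": display_name,
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": []},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["exchangeActiveSync", "other"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_SIGNINS).items():
        print(f"{key}: {value}")
    print(block_legacy_auth_policy())
```

In a real tenant, feed `triage()` the records returned by GET /auditLogs/signIns (or an exported sign-in log) and treat any entry in `compromised` as an incident, since a successful legacy sign-in from a spraying IP means the password is known and MFA was never evaluated. Keep the policy in report-only mode until the sign-in log shows that no legitimate traffic would be blocked.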
Guardz recognizes that smaller businesses often lack the resources and infrastructure available to larger enterprises, which is why their AI-driven cybersecurity platform is tailored to meet the unique needs of these organizations. By leveraging AI, Guardz provides comprehensive protection including identity security, email security, threat detection, and automated incident response, empowering smaller clients to focus on their growth without grappling with security complications.
To dive deeper into Guardz's findings regarding the legacy authentication attack campaign, as well as learn how their platform offers protection against such threats, visit their detailed research blog.
About Guardz
Guardz is dedicated to assisting MSPs and IT professionals in securing small businesses against cyber threats through their AI-powered cybersecurity platform. The solution offers automatic detection and response capabilities, safeguarding users, devices, emails, cloud directories, and data, all while facilitating straightforward and efficient cybersecurity management. With flexible and economically feasible pricing, Guardz assures comprehensive protection for digital assets, ensuring seamless implementation and business growth.