A massive brute-force attack campaign used both legacy protocols and credential dumps to compromise cloud user accounts. The attacks relied on compromised network devices such as routers and servers to conduct IMAP-based password-spraying attacks. In those cases, the malefactors used the compromised credentials to steal access to users cloud application accounts. Security professionals can help strengthen their organizations email security posture by taking a layered approach to email defenses. This strategy should begin with the deployment of an external solution capable of scanning email for threats.”]

