60 percent of Office 365 and G Suite cloud accounts have been targeted with IMAP-based password-spraying attacks, researchers with Proofpoint say. IMAP is the Internet Message Access Protocol (IMAP) used for accessing and storing mail on mail servers. The lack of multi-factor authentication means attackers can avoid account lock-out and compromise accounts unnoticed. The widespread number of credential dumps appearing on the cybercrime underground is another factor that helps threat actors carry out brute-force attacks. In December, researchers found a sharp increase in successful account breaches for that month.
Source: https://threatpost.com/imap-attacks-compromise-accounts/142824/