Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts - Related to future:, node, pam, vulnerability, cybercriminals

Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts

Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover (ATO) attacks on Microsoft 365 environments.

Enterprise security firm Proofpoint mentioned it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP responses from web servers with the goal of conducting ATO attacks.

"Originally sourced from public repositories like GitHub, these tools are increasingly used in attacks like Adversary-in-the-Middle (AitM) and brute force techniques, leading to numerous account takeover (ATO) incidents," security researcher Anna Akselevich mentioned.

The use of HTTP client tools for brute-force attacks has been a long-observed trend since at least February 2018, with successive iterations employing variants of OkHttp clients to target Microsoft 365 environments at least until early 2024.

But by March 2024, Proofpoint mentioned it began to observe a wide range of HTTP clients gaining traction, with the attacks scaling a new high such that 78% of Microsoft 365 tenants were targeted at least once by an ATO attempt by the second half of last year.

"In May 2024, these attacks peaked, leveraging millions of hijacked residential IPs to target cloud accounts," Akselevich unveiled.

The volume and diversity of these attack attempts is evidenced by the emergence of HTTP clients such as Axios, Go Resty, Node Fetch, and Python Requests, with those combining precision targeting with AitM techniques achieving a higher compromise rate.

Axios, per Proofpoint, is designed for [website] and browsers and can be paired with AitM platforms like Evilginx to enable theft of credentials and multi-factor authentication (MFA) codes.

The threat actors have also been observed setting up new mailbox rules to conceal evidence of malicious activities, stealing sensitive data, and even registering a new OAuth application with excessive permission scopes to establish persistent remote access to the compromised environment.

The Axios campaign is showcased to have primarily singled out high-value targets like executives, financial officers, account managers, and operational staff across transportation, construction, finance, IT, and healthcare verticals.

Over 51% of the targeted organizations have been assessed to be successfully impacted between June and November 2024, compromising 43% of targeted user accounts.

The cybersecurity business noted it also detected a large-scale password spraying campaign using Node Fetch and Go Resty clients, recording no less than 13 million login attempts since June 9, 2024, averaging over 66,000 malicious attempts per day. The success rate, however, remained low, affecting only 2% of targeted entities.

More than 178,000 targeted user accounts across 3,000 organizations have been identified to date, a majority of which belong to the education sector, particularly student user accounts that are likely to be less protected and can be weaponized for other campaigns or sold to different threat actors.

"Threat actors' tools for ATO attacks have greatly evolved, with various HTTP client tools used for exploiting APIs and making HTTP requests," Akselevich noted. "These tools offer distinct advantages, making attacks more efficient."

"Given this trend, attackers are likely to continue switching between HTTP client tools, adapting strategies to leverage new technologies and evade detection, reflecting a broader pattern of constant evolution to enhance their effectiveness and minimize exposure."

As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (M......

A malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels......

An ongoing distributed denial of service (DDoS) attack targets Bohemia Interactive's infrastructure, preventing players of DayZ and Arma Reforger from......

The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025

Privileged Access Management (PAM) has emerged as a cornerstone of modern cybersecurity strategies, shifting from a technical necessity to a critical pillar in leadership agendas. With the PAM market projected to reach $[website] billion by 2037 (), organizations invest heavily in PAM solutions.

Why is PAM climbing the ranks of leadership priorities? While Gartner highlights key reasons such as enhanced security, regulatory compliance readiness, and insurance requirements, the impact of PAM extends across multiple strategic areas. PAM can help organizations enhance their overall operational efficiency and tackle many challenges they face today.

To explore more about PAM's transformative impact on businesses, read The Cyber Guardian: PAM's Role in Shaping Leadership Agendas for 2025 by a renowned cybersecurity expert and former Gartner lead analyst Jonathan Care.

What cybersecurity challenges may organizations face in 2025?

The cybersecurity landscape is predicted to be highly dynamic in 2025, marked by evolving attack techniques, new vulnerabilities, and an expanding attack surface. The most acute trends include:

Organizations often focus on external threats, while overlooking risks from within. Insider threats are one of the most underestimated yet impactful cybersecurity risks. Insider risks may manifest in several forms:

malicious actors may intentionally harm your organization.

negligent employees might carelessly exfiltrate your sensitive data.

external attackers can compromise your employees' credentials to gain unauthorized access to your systems.

The scope of insider threats becomes even clearer when checking the recent statistics. 's 2024 Data Breach Investigations study, 31% of all data breaches over the past decade have involved stolen credentials. In the last year alone, 68% of all breaches included a human element, with people being involved either via error, privilege misuse, use of stolen credentials, or social engineering.

Reliance on third-party vendors, contractors, and suppliers introduces significant security risks. Threats stemming from inadequate vendor security, software supply chain attacks, and subcontractor vulnerabilities continue to grow more prominent.

High-profile incidents, such as the Change Healthcare data breach, in which 190 million records were compromised due to weak third-party access controls, underscore the need for robust PAM solutions.

With the evolution of AI and ML, cyberattacks are becoming increasingly targeted and sophisticated. AI enables malicious actors to create more convincing phishing schemes, whereas ML helps them make brute-force attacks more efficient.

Advanced persistent threats represent a particularly insidious class of cyberattacks. These prolonged, targeted attacks are often performed by nation-states or organized crime groups aiming to steal sensitive information or disrupt operations.

The 2024 Salt Typhoon cyber espionage attack on the [website] telecommunications networks is a prime example. It highlights the persistent threat posed by state-sponsored cyber actors and highlights vulnerabilities within critical communication infrastructures that need urgent attention and remediation.

As organizations continue to adopt hybrid work models, managing privileged access across dispersed teams, multiple locations and numerous devices becomes increasingly complex. Hybrid environments make it harder to monitor and enforce consistent access controls.

Employees and contractors may also access corporate systems from unsecured devices and networks, creating gaps in security policies and increasing the risk of credential theft and unauthorized access.

In recent years, many companies tend to switch between on-premises and cloud environments. While offering scalability and efficiency, hybrid environments are more susceptible to misconfigurations, providing more entry points for cybercriminals to exploit.

Regulatory compliance remains one of the major challenges for organizations in 2025, as governments and industry bodies continue to introduce stricter data protection and cybersecurity regulations.

Non-compliance can result in significant financial, legal, and reputational consequences.

How can PAM help cybersecurity leaders overcome these challenges?

PAM solutions play a pivotal role in addressing these challenges by allowing organizations to control and monitor access to critical systems and sensitive data. PAM solutions like Syteca empower organizations to:

Enforce the principle of least privilege . Limit user access to only those resources necessary for their job duties.

. Limit user access to only those resources necessary for their job duties. Centralize access control . Manage privileged accounts across on-prem, cloud, and hybrid environments.

. Manage privileged accounts across on-prem, cloud, and hybrid environments. Implement multi-factor authentication (MFA) . Verify the identities of all consumers accessing your IT infrastructure.

. Verify the identities of all consumers accessing your IT infrastructure. Grant just-in-time (JIT) access . Provide temporary access to your critical systems, thus, minimizing exposure to persistent threats.

. Provide temporary access to your critical systems, thus, minimizing exposure to persistent threats. Automate account discovery. Detect and secure unmanaged privileged accounts within your systems.

Detect and secure unmanaged privileged accounts within your systems. Secure credentials with vaulting and rotation . Prevent credential theft by encrypting and systematically rotating passwords.

. Prevent credential theft by encrypting and systematically rotating passwords. Prevent lateral movement attacks . Stop cybercriminals from escalating privileges and moving across your networks undetected.

. Stop cybercriminals from escalating privileges and moving across your networks undetected. Manage privileged user sessions. Track and analyze user sessions to detect and stop unusual activity.

Track and analyze user sessions to detect and stop unusual activity. Streamline audits. Provide comprehensive activity logs and reports for security audits.

A robust PAM solution ensures that only the right people, at the right time, with the right level of access, can interact with your critical systems — helping you stay resilient and compliant.

Beyond access control: How modern PAM enhances cybersecurity ecosystems.

Many modern PAM solutions go beyond traditional access control by integrating with broader cybersecurity ecosystems. Organizations can use PAM solutions along with Security Information and Event Management (SIEM) systems, User Activity Monitoring (UAM) platforms, and IT ticketing systems for a more holistic approach to cybersecurity.

PAM + ticketing systems: Enhanced access control.

Using PAM in conjunction with ticketing systems helps organizations enforce strict access validation. Before granting privileged access, the system verifies the presence of a corresponding ticket. If the ticket is valid, access is granted. Thus, PAM's integration with ticketing systems enhances accountability and security by ensuring that access is only granted for authorized, documented requests.

Integrating PAM with SIEM systems allows you to correlate privileged access activities with broader security events. SIEM systems analyze privileged access logs to detect unusual patterns, such as unauthorized access attempts or privilege escalation. If a privileged session triggers a security event, SIEM can automatically alert IT teams.

PAM + UAM: Visibility into privileged user activity.

If you use PAM along with UAM solutions, you gain deeper insights into how privileged consumers interact with your critical assets. Security teams can monitor on-screen privileged user activity, application/web usage, keystrokes, and file transfer operations to detect unusual or risky behavior. When a security event occurs, teams can replay privileged sessions to understand exactly what happened.

With Syteca, you don't need two separate solutions. It's a comprehensive cybersecurity platform that enables you to leverage both PAM and UAM functionalities for robust access management, user activity monitoring, real-time alerts, and proactive incident response.

Note: Syteca also integrates with SIEMs, ticketing systems, and SSO software, allowing you to build a cybersecurity ecosystem tailored to your specific needs.

PAM's strategic benefits for organizations.

In addition to helping companies tackle cybersecurity challenges and meet IT compliance requirements, PAM solutions offer some other strategic benefits.

PAM automates routine and time-consuming tasks such as password rotations, access approvals, and privileged session monitoring. This reduces the workload on IT teams, allowing them to focus on higher-value initiatives and strategic projects. Streamlined operations ensure that employees and partners can access critical resources without interruptions, fostering a more productive work environment.

PAM drives higher return on investment (ROI) by preventing costly breaches, minimizing downtime, and automating access management processes. For instance, organizations leveraging PAM often see measurable reductions in the time and resources required to manage privileged accounts.

Implementation of PAM solutions demonstrates robust security measures to cyber insurance providers, helping businesses reduce premiums. Insurers evaluate the effectiveness of an organization's risk management systems, including access controls, when determining premiums.

PAM as a priority for cybersecurity leaders.

As cybersecurity threats evolve, the importance of PAM continues to grow. By addressing pressing challenges such as insider threats, strict regulatory compliance, new types of cyberattacks, and the complexities of hybrid IT environments, PAM ensures that organizations remain resilient in the face of dynamic risks.

Syteca PAM empowers organizational leaders to foster security and operational efficiency. With functions to combat today's challenges and meet tomorrow's needs, Syteca offers a holistic approach to protecting critical assets and streamlining access management.

Book a free demo to take the next step toward a secure, future-ready IT environment.

About the author: Ani Khachatryan, Syteca's Chief Technology Officer, started her journey in Syteca as a test manager. In this role, she successfully renovated the testing processes and helped integrate development best practices across the enterprise. Her strong background in testing and striving for perfection helps Ani come up with unconventional solutions to technical and operational issues, while her deep expertise in cybersecurity establishes her as an expert in the industry.

The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information steal......

A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal crede......

You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your s......

Navigating the Future: Key IT Vulnerability Management Trends

As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (MSPs) and IT teams. Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify and address potential security flaws.

Staying informed on these trends can help MSPs and IT teams remain one step ahead of potential cyber-risks. The Kaseya Cybersecurity Survey findings 2024 navigates this new frontier of cyber challenges. The data is clear: Organizations are becoming increasingly reliant on vulnerability assessments and plan to prioritize these investments in 2025.

Companies are increasing the frequency of vulnerability assessments.

In 2024, 24% of respondents noted they conduct vulnerability assessments more than four times per year, up from 15% in 2023. This shift highlights a growing recognition of the need for continuous monitoring and quick response to emerging threats. Meanwhile, biannual assessments are becoming less common, with the percentage of organizations conducting them dropping from 29% to 18%. The trend toward more frequent vulnerability assessments signals a collective move toward a stronger, more resilient security posture.

How frequently does your organization conduct.

One-quarter of respondents conduct vulnerability assessments more than four times per year.

How often you should run vulnerability scans depends on a number of factors, including the risk level of your environment and compliance requirements:

High-risk areas, such as public-facing applications and critical infrastructure, may need daily or weekly scans. Less critical systems can be scanned monthly or quarterly.

Some compliance regulations, like the Payment Card Industry (PCI DSS), require vulnerability scans to be performed at least once every three months.

Major changes to infrastructure, such as new cloud accounts, network changes or large structural changes to web applications, may require more frequent scans.

Continuous scanning is becoming more popular because it provides 24/7 monitoring of your IT environment. It can also help reduce the time to find and fix vulnerabilities.

When choosing a vulnerability scanning frequency, it's essential to consider the pace of technology and the need to close cybersecurity gaps before attackers exploit them.

The top cause of cybersecurity issues is people.

User-related security issues are a significant concern for IT professionals. Organizations citing a lack of end-user or cybersecurity training as a root cause increased from 28% in 2023 to 44% in 2024. Additionally, nearly half of respondents identified poor user practices or gullibility as a major problem, tripling from 15% to 45%.

Poor user behavior can lead to cybersecurity vulnerabilities in many ways. After compromising a user's login credentials, cybercriminals can gain unauthorized access to an organization's network.

This contributes to anywhere from 60% to almost 80% of cybersecurity breaches.

IT professionals clearly view customers as a key factor in cybersecurity challenges, making it even more critical for organizations to take proactive measures, like vulnerability assessments and training, to close security gaps and reduce risks to minimize human-centered trouble.

What are the top three root causes of your cybersecurity issues?

Nearly 9 in 10 respondents named a lack of training or bad user behavior as one of the biggest causes of cybersecurity challenges.

Vulnerability management is a high priority for cybersecurity investment.

As security maturity levels off for many businesses, there's an increased focus on proactive cybersecurity measures. Interest in investment in vulnerability assessment doubled from 13% in 2023 to 26% in 2024. This trend coincides with growing investments in cloud security (33%), automated pentesting (27%) and network security (26%), highlighting the critical need to identify and address vulnerabilities quickly in a fast-moving threat landscape.

Which of the following cybersecurity investments do you anticipate making in the next 12 months?

Vulnerability assessment is on the cybersecurity investment shortlist for 2025.

Vulnerability assessments are key to minimizing incident costs.

Businesses are seeing that their security investments are paying off, with a trend toward lower-cost cybersecurity incidents in 2024. Proactive measures like vulnerability assessments can significantly reduce incident costs and enhance cybersecurity resilience.

Fast and Effective Vulnerability Management with VulScan.

VulScan is a comprehensive solution that identifies and prioritizes internal and external vulnerabilities in the networks you manage. It simplifies scheduling scans and filtering results for effective vulnerability management. Intuitive dashboards and reports facilitate quick identification of critical vulnerabilities to address before they can be exploited. Additionally, setting up unlimited network scanners and accessing scan results through the web management portal is quick and easy.

Local and remote internal vulnerability management.

Local and hosted external vulnerability scanning.

Ability to scan by IP address, domain name or hostname.

The North Korean hacking group known as Kimsuky was observed in recent attacks using a custom-built RDP Wrapper and proxy tools to directly access inf......

Curious about the buzz around AI in cybersecurity? Wonder if it's just a shiny new toy in the tech world or a serious game changer? Let's unpack this ......

Cisco has released patches to fix two critical vulnerabilities in its Identity Services Engine (ISE) security policy management platform.