A new type of brute-force attack called KnockKnock

A new type of brute-force attack called "KnockKnock"

KnockKnock has been going on since May 2017, it was created to essentially attack system accounts that are not assigned to any one individual user, making them particularly vulnerable.

Security researchers from Skyhigh networks have discovered a clever new botnet attack against Office 365 accounts, called ‘KnockKnock’ because attackers are trying to knock on backdoor system accounts to infiltrate the whole O365 environments.

The attackers tried to guess the passwords for these accounts because these accounts do not use two-factor authentication (2FA) and have higher access and privileges than regular employee accounts.

Accounts such as service accounts (like the ones used for user provisioning in larger enterprises), automation accounts (used to automate data and system backups), machine accounts (used for applications within data centers), marketing automation accounts (like the ones used for marketing and customer communication), internal tools accounts (like the ones used with JIRA, Jenkins, GitHub etc.)

According to Skyhigh, the best way to fight against KnockKnock is to enable 2FA for accounts, and to use powerful and unique passwords for both employee and system email accounts.