Password Spraying is a technique used by attackers in an attempt to gain access to the victim's account by trying passwords that users are most likely to use. Attackers in a single attempt can try to access multiple accounts by running them against a few commonly used passwords (eg: password, 12345, etc). Unlike brute-forcing, this approach has proven to be very successful as it enables attackers to stay hidden and avoid rapid account lockouts.
Password Spraying attack typically targets single sign-on (SSO) and cloud-based applications as it helps attackers mask their traffic whilst maximizing their probability of accessing user accounts. This technique enables them to steal the organization's financial and confidential data; ultimately exposing the organization to malicious attacks such as phishing attacks or Business Email Compromise scams.
Password spraying can be tricky and difficult to detect but with the right resources and defense mechanisms in place, organizations can stay one step ahead of cybercriminals. Based on some identified patterns mostly referred to as indicators of compromise associated with password spraying, organizations can operationalize them for specific log monitoring.
- Attackers are most likely to use usernames that are non-existent users, any such login attempt made with a non-existent user should be alerted.
- Lockout events should be triggered due to exceeding the lockout threshold within any service.
- Cybercriminals will often use automated bots or scripts targeting the specific URL of service which can also become a good signal for organizations to detect such attacks.
- Review logs and policies in place periodically for any particular service.
Practicing Good Password Hygiene:
Password hygiene is an important skill in today’s digital era that every individual must possess. For organizations, it becomes even more important as poor password hygiene puts them on high risk. Organizations can reduce this risk or the chances of them being breached by cybercriminals by simply practicing good password hygiene.
- Passwords should be changed on a regular basis.
- Use different passwords for different websites.
- Use password management tools that help you store and generate passwords more securely.
- Multi-factor authentication (2FA) along with strong passwords will add a second layer of security.
For further details, click the download button below!