Microsoft's Detection and Response Team (DART), which responds to cyber-attacks and helps Windows users become cyber resilient, explained that it has discovered a substantial rise in password spray attack incidents across the globe.
You might be wondering what password spraying is in the first place.
For our readers who don’t know, password spraying is a kind of brute force attack where threat actors use a small list of commonly used passwords to try to obtain access to a huge list of accounts.
Unlike the traditional brute force method, password spraying tries the same password against many accounts. This minimizes the chances of activating the password lockout mechanism.
In a conventional brute force attack, by contrast, the bot tries a long list of passwords on just one account at a time, so the chances of triggering the password lockout are high.
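To show how that difference looks from the defender's side, here is an added example (not from Microsoft or DART) that labels each source IP from its failed sign-ins: many accounts with only a try or two each reads as a spray, while many tries on one account reads as classic brute force. The event data is constructed, and the function name, window, and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def sample_events():
    """Constructed failed sign-in events: (timestamp, source IP, account)."""
    t0 = datetime(2021, 1, 1, 9, 0, 0)
    events = []
    # One source, six accounts, a single failure each: stays under any lockout.
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"]):
        events.append((t0 + timedelta(seconds=20 * i), "203.0.113.7", user))
    # One source, one account, twelve failures: would trip a lockout policy.
    for i in range(12):
        events.append((t0 + timedelta(seconds=5 * i), "198.51.100.9", "admin"))
    # A single mistyped password from an ordinary user.
    events.append((t0 + timedelta(minutes=3), "192.0.2.44", "alice"))
    return sorted(events)

def classify_sources(events, window=timedelta(minutes=30),
                     min_accounts=5, max_per_account=2, brute_threshold=10):
    """Label each source IP based on its failures inside any one time window."""
    by_ip = defaultdict(list)
    for ts, ip, user in sorted(events):
        by_ip[ip].append((ts, user))
    verdicts = {}
    for ip, rows in by_ip.items():
        verdict, start = "benign", 0
        for end in range(len(rows)):
            # Advance the window start so rows[start:end+1] spans <= window.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            counts = defaultdict(int)
            for _, user in rows[start:end + 1]:
                counts[user] += 1
            if max(counts.values()) >= brute_threshold:
                verdict = "brute_force"      # many tries on a single account
                break
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                verdict = "password_spray"   # few tries each on many accounts
        verdicts[ip] = verdict
    return verdicts

if __name__ == "__main__":
    for ip, verdict in sorted(classify_sources(sample_events()).items()):
        print(ip, verdict)
```

Grouping by source IP is a simplification made here; the same per-account counting can be keyed on another field that the sign-in log records.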
DART said that its threat intelligence teams have seen a surge in the use of password spray attacks by cybercriminals over the years.
DART further noted that these cybercriminals are now targeting cloud admin accounts and exploiting them with the help of password spray attacks.
Understanding what methods the threat actors use will help identify how to safeguard against such attacks. Password spray attacks are on the rise, so users need to act accordingly.
Microsoft’s Detection and Response Team suggests that users enable multi-factor authentication (MFA) to safeguard their accounts and thereby minimize the risk of their accounts getting compromised in such types of attacks.
DART also confirms that password spray attacks are being used on the majority of cloud admin accounts, ranging from Microsoft Exchange service, SharePoint, and Conditional Access administrators to billing, authentication, and helpdesk administrators.
These threat actors are so notorious that they steal cloud users' information once they get admin access using the password spray method, DART concluded.