Microsoft Warns About Increase in Password Spray Attacks

Must Read
Sienna Rowley
Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. She is a modest family woman who loves traveling in her free time.

The Detection and Response Team (DART) of Microsoft, who respond to cyber-attacks and help Windows users become cyber resilient explained that they have discovered a substantial rise in password spray attacks incidents across the globe.

You might be wondering what is password spraying in the first place.

For our readers who don’t know, Password spraying is a kind of brute force attack where the threat actors use a small list of commonly used passwords to try obtaining access to the huge account lists.

Unlike the traditional brute force attacking method, the password spraying method uses the same password for various accounts. This minimizes the chances of activating the password lockout mechanism.

Whereas in the case of conventional brute force attack the bot tries a long list of passwords on just one account at a time. So, the chances of triggering the password lockout are high in the case of a classic brute force attack.

DART said that its threat intelligence teams have seen a surge in the use of password sprays attacks by cybercriminals over the years.

DART further noted that these cybercriminals are now targeting the cloud admin accounts and exploiting them with the help of password spray attacks.

Understanding what methods the threat actors use will help identify how to safeguard against such attacks. Here, password spray attacks are on the rise so users need to act accordingly.

With that being said, Microsoft’s Detection and Response Team suggests that users enable multi-factor authentication or MFA to safeguard their accounts and thereby minimize the risk of their accounts getting compromised in such types of attacks.

With that being said, DART confirms that the password spray attacks are being used on the majority of the cloud admin accounts including the Microsoft Exchange service, Sharepoint Conditional Access administrators to billing, authentication, and helpdesk.

These threat actors are so notorious that they steal information of the cloud users once they get admin access using the password spray method, DART concluded.

Featured Image:

Looking for more Microsoft news? Signup for our news later for the latest update

- Advertisement -spot_img
Latest News

SparkyLinux 6.6 Now Available to Download

Debian-based GNU/Linux distro, SparkyLinux has got a new update Sparky 6.6 named as Po Tolo. Based on Debian 11, Sparky...
- Advertisement -spot_img

More Articles Like This