Microsoft sounds the alarm over new wave of password spraying attacks

Businesses should switch to MFA and zero-trust access models, Microsoft suggests


Cybersecurity experts at Microsoft have warned of an increase in password spray attacks against cloud administrator accounts as well as high-profile identities such as C-level executives.

Password spraying is a type of brute force attack in which the attackers try commonly used or previously compromised passwords repeatedly, but avoid triggering account lockouts by spreading the attempts across many different accounts rather than hammering a single one.
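Because a spray stays under the per-account lockout threshold, detecting it means looking across accounts rather than at any single one. The following is an added example, not code from the article or from Microsoft: it runs over a constructed set of sign-in events and flags a source that fails against many distinct accounts with only a few failures each, then lists accounts that later signed in successfully from that source. Event shape, thresholds and IP addresses are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real logs): timestamp, source, account, result.
SAMPLE_EVENTS = [
    ("2021-11-01T10:00:01", "203.0.113.7", "alice@example.com", "failure"),
    ("2021-11-01T10:00:04", "203.0.113.7", "bob@example.com", "failure"),
    ("2021-11-01T10:00:08", "203.0.113.7", "carol@example.com", "failure"),
    ("2021-11-01T10:00:12", "203.0.113.7", "dave@example.com", "failure"),
    ("2021-11-01T10:00:15", "203.0.113.7", "erin@example.com", "failure"),
    ("2021-11-01T10:00:19", "203.0.113.7", "frank@example.com", "success"),
    # One user mistyping their own password a few times: depth, not breadth.
    ("2021-11-01T10:01:00", "198.51.100.9", "grace@example.com", "failure"),
    ("2021-11-01T10:01:20", "198.51.100.9", "grace@example.com", "failure"),
    ("2021-11-01T10:01:40", "198.51.100.9", "grace@example.com", "failure"),
    ("2021-11-01T10:02:00", "198.51.100.9", "grace@example.com", "success"),
]


def detect_password_spray(events, window=timedelta(minutes=10),
                          min_accounts=5, max_failures_per_account=2):
    """Return {source: sorted accounts} for sources whose failed sign-ins inside
    one sliding window touch many distinct accounts with few failures each.
    Per-account lockout never fires on this pattern, so the key is breadth
    across accounts from one source, not depth against one account."""
    by_source = defaultdict(list)
    for ts, src, account, result in events:
        if result == "failure":
            by_source[src].append((datetime.fromisoformat(ts), account))
    flagged = {}
    for src, fails in by_source.items():
        fails.sort()  # chronological, so each slice below is a window start
        for i, (start, _) in enumerate(fails):
            per_account = defaultdict(int)
            for t, account in fails[i:]:
                if t - start <= window:
                    per_account[account] += 1
            if (len(per_account) >= min_accounts
                    and max(per_account.values()) <= max_failures_per_account):
                flagged[src] = sorted(per_account)
                break
    return flagged


def successful_logons_from_flagged(events, flagged):
    """Accounts that signed in successfully from a flagged source: the first
    candidates to review, since a spray that stops failing has likely landed."""
    return sorted({acct for _, src, acct, res in events
                   if res == "success" and src in flagged})
```

Thresholds such as five accounts in ten minutes are assumptions; tune them to your tenant's sign-in volume and pair the detection with the MFA and legacy-auth controls the article goes on to recommend.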

“Over the past year, the Microsoft Detection and Response Team (DART), along with Microsoft’s threat intelligence teams, have observed an uptick in the use of password sprays as an attack vector,” shared DART.


The group says that identity attacks such as password sprays have become popular of late because traditional best practices, such as complex password policies and limiting access to resources, have proven ineffective at preventing unauthorized access on their own.

Moving target


Just about a week ago, researchers from Microsoft had shared that Nobelium, the threat actor behind last year’s widely reported SolarWinds campaign, had been attacking IT services organizations, including cloud service providers (CSPs), with password spraying attacks.

In the new post, DART explains that it has seen a recent uptick in password spray attacks against administrator accounts, adding that threat actors are constantly evolving their tools and techniques, forcing the group to find new ways to detect the attacks.

The recent spate of attacks has targeted users with privileged access. These include global administrators, security administrators, SharePoint administrators, Microsoft Exchange administrators, helpdesk administrators, billing administrators, and others with similar access.


“It is easy to make exceptions to policy for staff who are in executive positions, but in reality, these are the most targeted accounts,” asserts DART as it shares recommendations for protecting against them.

In the post DART recommends disabling legacy authentication, and instead switching to multi-factor authentication (MFA) across all accounts.

This doesn’t mean we should give up on passwords altogether, but the rabbit hole of password policies, and the potentially endless discussions about complexity, length, and “correct battery horse staple”, should be avoided in favor of applying Zero Trust logic to identity and authentication.

One way to thwart identity attacks is to use one of the best security keys around today!

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
