According to the Microsoft Detection and Response Team (DART), password spray attacks against privileged cloud accounts and high-profile identities such as C-level executives have increased.
Password spraying is a type of brute-force attack in which attackers try a small number of commonly used passwords to gain access to many accounts.
To find easily breached accounts without triggering protections such as password lockout and malicious IP blocking (the latter avoided by using a botnet), these attacks generally use the same password while moving from one account to the next.
This strategy reduces the likelihood of an account lockout, which is what happens in traditional brute-force operations that quickly try to log in to a small number of accounts by running through a large password list one entry at a time.
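The two attack shapes described above leave different patterns in failed sign-in records, which a detection rule can separate. The following is an added example, not code from DART or Microsoft; the event tuple layout, thresholds, function name and sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for this example; tune to the lockout policy and tenant size.
MIN_ACCOUNTS = 5     # spray: failures spread over at least this many accounts
MAX_PER_ACCOUNT = 3  # spray: each account tried no more than this (under lockout)
BRUTE_TRIES = 10     # brute force: one account tried at least this many times
WINDOW = timedelta(hours=1)

def classify_failures(events, key=lambda ev: ev[1]):
    """Label each group of failed sign-ins 'spray', 'brute_force' or 'benign'.
    events: (iso_timestamp, source_ip, username, succeeded) tuples.
    key: grouping function; default is per source IP. Pass lambda ev: "tenant"
    to catch a botnet that uses a different IP for every attempt.
    """
    groups = defaultdict(list)
    for ev in events:
        if not ev[3]:  # only failed attempts matter here
            groups[key(ev)].append((datetime.fromisoformat(ev[0]), ev[2].lower()))
    verdicts = {}
    for name, failures in groups.items():
        failures.sort()
        verdicts[name], start = "benign", 0
        for end, (ts, _) in enumerate(failures):
            while ts - failures[start][0] > WINDOW:  # slide the time window
                start += 1
            tries = Counter(user for _, user in failures[start:end + 1])
            if len(tries) >= MIN_ACCOUNTS and max(tries.values()) <= MAX_PER_ACCOUNT:
                verdicts[name] = "spray"        # many accounts, few tries each
            elif max(tries.values()) >= BRUTE_TRIES:
                verdicts[name] = "brute_force"  # one account, many tries
            if verdicts[name] != "benign":
                break
    return verdicts

# Constructed sample sign-in events (not real logs; documentation IP ranges).
SAMPLE = (
    # One source, one attempt against each of six accounts.
    [(f"2024-01-01T09:0{i}:00", "203.0.113.7", f"user{i}@example.com", False) for i in range(6)]
    # One source hammering a single account.
    + [(f"2024-01-01T10:00:{i:02d}", "198.51.100.9", "admin@example.com", False) for i in range(12)]
    # A user mistyping a password twice, then succeeding.
    + [("2024-01-01T11:00:00", "192.0.2.4", "alice@example.com", False),
       ("2024-01-01T11:00:20", "192.0.2.4", "alice@example.com", False),
       ("2024-01-01T11:00:40", "192.0.2.4", "alice@example.com", True)]
)

if __name__ == "__main__":
    print(classify_failures(SAMPLE))
```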
DART and Microsoft's threat intelligence teams have seen an increase in the use of password sprays as an attack vector over the last year.
To dramatically reduce the chance of account compromise when targeted by such attacks, DART suggests establishing and enforcing multi-factor authentication (MFA) across all accounts wherever practicable, as well as embracing passwordless technologies.
According to Alex Weinert, Director of Identity Security at Microsoft, password spray operations are among the most common authentication attacks, accounting for nearly one-third of business account breaches.
Recent password spray attacks have targeted a wide range of administrator accounts with varying permissions, according to DART.
The most prominent targets range from security, Exchange service, global, and Conditional Access administrators to SharePoint, helpdesk, authentication, billing, user, and corporate administrators.
In addition to these types of privileged accounts, threat actors have sought to breach identities with a prominent profile (including C-level executives) or access to sensitive data.
It's easy to make exceptions to policy for executives, but in practice these are the accounts that get the most attention from attackers. To avoid creating weak points in configuration, make sure to apply protection democratically, according to DART.