Microsoft Warns Password Spraying Rise on Cloud Users—Here’s What You Should Know

Microsoft warned about the "password spraying" rise that specifically targets the accounts of cloud users.

Microsoft Warns Password Spraying Rise on Cloud Users—Here’s What You Should Know
LONDON, ENGLAND - AUGUST 09: In this photo illustration, A woman is silhouetted against a projection of a password log-in dialog box on August 09, 2017 in London, England. With so many areas of modern life requiring identity verification, online security remains a constant concern, especially following the recent spate of global hacks. by Leon Neal/Getty Images

Microsoft Warns Password Spraying Rise on Cloud Users

As per the report by Bleeping Computer, the Microsoft Detection and Response Team, or shortly known as DART, found out that there is a notable increase in password spray attack incidents.

DART further noted that its threat intelligence team has been observing password spray schemes for years already. And through the years, cybercriminals and even state-sponsored attacks are using password spray schemes more.

That said, DART noticed a trend among the password spray attacks, adding that it targets "cloud administrator accounts."

As early as 2020, Microsoft already warned that password spray attacks are the most popular scheme used to target enterprise accounts, the director of identity security of Microsoft, Alex Weinert, previously revealed.

Microsoft Warns Password Spraying Rise on Cloud Users—Here’s What You Should Know
The logo of French headquarters of American multinational technology company Microsoft, is pictured outside on March 6, 2018 in Issy-Les-Moulineaux, a Paris' suburb. by GERARD JULIEN/AFP via Getty Images

To echo the previous revelation, DART confirms that most cloud admin accounts that are being targeted by password spray include Microsoft Exchange service, along with Sharepoint Conditional Access administrators to billing, authentication, and helpdesk.

On top of the admin access, attackers are also using password spray to steal sensitive data of cloud users.

Password Spraying

According to ZDNet's report, password spraying is a hacking scheme that recently took the spotlight during the high-profile SolarWinds attacks.

It comes after the Cybersecurity and Infrastructure Security Agency or CISA of the Department of Homeland Security disclosed that the allegedly Kremlin-backed hacking incident did not only use trojans to carry out the attack. The agency suggests that the hackers also used both password spraying and password guessing methods to access the administrative accounts.

This time around, Microsoft saw another uptick in password spraying, which mainly targets both US and Israeli infrastructures.

Password Spraying: What is it?

So, what is password spraying in the first place?

Microsoft's DART explained that the new hacking scheme no longer uses numerous passwords to break an account, which was typically used for brute force attacks. Instead, password spraying goes the other way around. It utilizes a single password for hundreds if not thousands of users to access multiple accounts.

However, Microsoft estimates that such a method only has a 1% success rate. Nevertheless, the said approach prevents locking the account due to numerous failed attempts.

What's more, DART further revealed that there are two types of password spraying, "low and slow" and "average and reuse."

In the first method, the hackers use multiple IP addresses to attempt opening tons of accounts with a limited number of passwords.

On the other hand, the latter use credentials that were harvested from the dark web. Then, the attackers use the password to access other accounts from the said user as some folks reuse their password on multiple accounts.

This article is owned by Tech Times

Written by Teejay Boris

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics