Microsoft Warns of Increase in Password Spraying Attacks

Microsoft’s Detection and Response Team (DART) has detected an increase in password spray attacks over the past year. With increasing intelligence of security software and cybersecurity awareness, breaking into a network undetected has become more difficult. Therefore, threat actors are increasingly focused on stealing a victim’s credentials so they can access a network and carry out malicious activity that appears as normal network traffic. To gain these credentials, adversaries are employing password spraying. These attacks are “authentication attacks that employ a large list of usernames and pair them with common passwords in an attempt to ‘guess ’ the correct combination for as many users as possible,” according to Microsoft.

Researchers at Microsoft believe over a third of all account compromises result from password spraying attacks. Nation-state adversaries, including Russian and Iranian threat actors, have been observed conducting password spraying attacks against U.S. critical infrastructure entities. Microsoft’s DART provides several mitigation recommendations including enacting multi-factor authentication (MFA), mailbox auditing, and ensuring administrative accounts are cloud-based. Read more about password spraying and mitigation techniques at Microsoft here.