Microsoft Warns Password Spraying Rise on Cloud Users—Here’s What You Should Know

Microsoft has issued a warning about the rise of “password spraying,” which specifically targets cloud users’ accounts.

Microsoft Warns Cloud Users About Password Spraying

According to Bleeping Computer, the Microsoft Detection and Response Team, or DART, discovered a significant increase in password spray attack incidents.

DART also stated that its threat intelligence team has been monitoring password spray schemes for years. Password spray schemes have become increasingly popular among cybercriminals and even state-sponsored attacks over the years.

Microsoft Warns Password Spraying Rise on Cloud Users—Here’s What You Should Know
DART, on the other hand, observed a pattern among the password spray attacks, adding that it targets “cloud administrator accounts.”

Microsoft’s director of identity security, Alex Weinert, previously revealed that password spray attacks are the most popular scheme used to target enterprise accounts as early as 2020.

To reiterate the previous revelation, DART confirms that the majority of cloud admin accounts targeted by password spray include Microsoft Exchange service, as well as Sharepoint Conditional Access administrators to billing, authentication, and helpdesk.

In addition to admin access, attackers use password spray to steal sensitive data from cloud users.

Password Spraying

According to ZDNet, password spraying is a hacking scheme that recently gained attention due to the high-profile SolarWinds attacks.

It comes after the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, revealed that the allegedly Kremlin-backed hacking incident used more than just trojans to carry out the attack. According to the agency, the hackers used both password spraying and password guessing methods to gain access to the administrative accounts.

This time, Microsoft saw an increase in password spraying, which primarily targets US and Israeli infrastructure.

Microsoft Warns Password Spraying Rise on Cloud Users—Here’s What You Should Know

What exactly is password spraying?

So, what exactly is password spraying, to begin with?

According to Microsoft’s DART, the new hacking scheme does not use multiple passwords to break into an account, as was previously used in brute force attacks. Password spraying, on the other hand, works the other way around. It allows hundreds, if not thousands, of users to access multiple accounts using a single password.

Microsoft, on the other hand, estimates that such a method has a 1% success rate. Nonetheless, the aforementioned method prevents the account from being locked due to numerous failed attempts.

Furthermore, DART revealed two types of password spraying: “low and slow” and “average and reuse.”

In the first method, hackers use multiple IP addresses to try to open a large number of accounts with a small number of passwords.

The latter, on the other hand, use credentials obtained from the dark web. The attackers then use the password to gain access to other accounts belonging to the same user, as some people reuse their passwords across multiple accounts.

No Comments Yet

Leave a Reply

Your email address will not be published.