The AchieVer

Password Spraying attack: What is it and how to stay protected?

  • Password spraying is an attack technique that attempts to target a large number of usernames with a few known passwords or commonly used passwords.
  • A study conducted by Proofpoint revealed that almost 60% of Microsoft Office 365 and G Suite users were targeted with IMAP-based password-spraying attacks.

Password spraying is an attack technique that attempts to target a large number of usernames with a few known passwords or commonly used passwords. A password spraying attack is also known as a ‘reverse brute-force attack’ because it reverses the attack technique by starting with the known password and trying it against a list of possible usernames.

 

Password spraying attacks usually target Single Sign-On (SSO) applications, cloud-based applications, and email applications. 

 

How does Password Spraying attack work?

 

In this technique, attackers attempt a single commonly used password against multiple usernames before moving on to attempt the second password.

  • Hackers initially collect multiple usernames using social engineering or other phishing methods. 
  • They then try a simple password such as password123, [email protected], 12345678, etc., against the list of usernames.
  • It often happens that at least one of those users is using a simple password, so attackers can easily break into user accounts via a password spraying attack.

Examples of Password Spraying attack

 

Example 1 - Attackers leveraged Password Spraying attack to target Citrix

 

Citrix learned from the FBI on March 6, 2019, that cybercriminals gained unauthorized access to the Citrix internal network and downloaded business documents. The FBI advised Citrix that the attackers might have used a tactic known as ‘password spraying’ to gain access to the Citrix internal network.

 

Example 2 - Password spraying campaigns exploit IMAP

 

Attackers leveraging the password spraying technique are exploiting the Internet Message Access Protocol (IMAP) to break into companies’ cloud accounts.

 

Proofpoint conducted a six-month study that analyzed over 100,000 unauthorized logins across millions of monitored cloud user-accounts and found out that almost 60% of Microsoft Office 365 and G Suite users were targeted with IMAP-based password-spraying attacks. Of the 60%, 25% of targeted users were successfully breached.

 

The study also revealed that the majority of IMAP-based password spraying attacks originated in China (53%) followed by Brazil (39%), and the US (31%).

 

How to stay protected?

  • Security experts recommend that organizations using Office 365 disable IMAP and other legacy protocols in order to stay protected from IMAP-based password spraying attacks.
  • It is always recommended to use strong, complex, lengthy, and unique passwords that are difficult to crack.
  • It is best to use two-factor authentication while logging in to accounts.
  • It is recommended to always log out after the session is complete.
  • Experts recommend periodically rotating passwords and never reusing the same password across multiple accounts.

 

 

Source

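A defender-side illustration of the pattern described under "How does Password Spraying attack work?", added here and not part of the original post: it flags any source that fails logins against many distinct usernames with only a few tries each, which per-account lockout counters do not catch. The log format, thresholds and function names are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, source IP, username, outcome.
SAMPLE_LOG = """\
2024-01-15T09:00:01 198.51.100.7 alice FAIL
2024-01-15T09:00:03 198.51.100.7 bob FAIL
2024-01-15T09:00:05 198.51.100.7 carol FAIL
2024-01-15T09:00:07 198.51.100.7 dave FAIL
2024-01-15T09:00:09 198.51.100.7 erin OK
2024-01-15T09:05:00 203.0.113.9 frank FAIL
2024-01-15T09:05:02 203.0.113.9 frank FAIL
2024-01-15T09:05:04 203.0.113.9 frank FAIL
2024-01-15T09:05:06 203.0.113.9 frank FAIL
2024-01-15T09:05:08 203.0.113.9 frank FAIL
2024-01-15T09:30:00 192.0.2.44 grace FAIL
2024-01-15T09:30:20 192.0.2.44 grace OK
"""

def parse(log_text):
    """Yield (timestamp, source, user, ok) tuples from the assumed log format."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, user, outcome = line.split()
        yield datetime.fromisoformat(ts), src, user, outcome == "OK"

def find_spraying(events, window=timedelta(minutes=10), min_users=4, max_per_user=2):
    """Flag sources failing against many distinct users, few tries each, in one window."""
    by_source = defaultdict(list)
    for ts, src, user, ok in sorted(events):
        by_source[src].append((ts, user, ok))
    findings = {}
    for src, evs in by_source.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            fails = defaultdict(int)
            for ts, user, ok in evs[start:end + 1]:
                if not ok:
                    fails[user] += 1
            if len(fails) >= min_users and max(fails.values()) <= max_per_user:
                # Successful logins from a flagged source in the same window need review.
                hits = sorted({u for _, u, ok in evs[start:end + 1] if ok})
                findings[src] = {"targeted": sorted(fails), "succeeded": hits}
    return findings
```

In the sample, the source hammering the single account `frank` is an ordinary brute-force pattern and is left to lockout policy; only the source that spreads one failure across four accounts is reported, together with the account it then logged in to.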
Karlston

Edited to improve readability.
