
Password Spraying attack: What is it and how to stay protected?


The AchieVer

  • Password spraying is an attack technique that attempts to target a large number of usernames with a few known passwords or commonly used passwords.
  • A study conducted by Proofpoint revealed that almost 60% of Microsoft Office 365 and G Suite users were targeted with IMAP-based password-spraying attacks.

Password spraying is an attack technique that attempts to target a large number of usernames with a few known passwords or commonly used passwords. A password spraying attack is also known as a ‘reverse brute-force attack’, as it reverses the attack technique by starting with the known password and trying it against a list of possible usernames.

Password spraying attacks usually target Single Sign-On (SSO) applications, cloud-based applications, and email applications. 

How does a Password Spraying attack work?

In this technique, attackers attempt a single commonly used password against multiple usernames before moving on to attempt the second password.

  • Hackers initially collect multiple usernames using social engineering or other phishing methods. 
  • They then try a simple password such as password123, p@ssword, 12345678, etc against the list of usernames.
  • It often happens that at least one of those users is using a simple password; therefore, via a password spraying attack, attackers can easily break into user accounts.

Examples of Password Spraying attacks

Example 1 - Attackers leveraged a Password Spraying attack to target Citrix

Citrix learned from the FBI on March 6, 2019, that cybercriminals had gained unauthorized access to Citrix's internal network and downloaded business documents. The FBI advised Citrix that the attackers might have used a tactic known as ‘password spraying’ to gain access to Citrix's internal network.

Example 2 - Password spraying campaigns exploit IMAP

Attackers leveraging the password spraying technique are exploiting the Internet Message Access Protocol (IMAP) to break into companies’ cloud accounts.

Proofpoint conducted a six-month study that analyzed over 100,000 unauthorized logins across millions of monitored cloud user accounts and found that almost 60% of Microsoft Office 365 and G Suite users were targeted with IMAP-based password-spraying attacks. Of that 60%, 25% of targeted users were successfully breached.

The study also revealed that the majority of IMAP-based password spraying attacks originated in China (53%), followed by Brazil (39%) and the US (31%).

How to stay protected?

  • Security experts recommend that organizations using Office 365 disable IMAP and other legacy protocols in order to stay protected from IMAP-based password spraying attacks.
  • It is always recommended to use strong, complex, lengthy, and unique passwords that are difficult to crack.
  • It is best to use two-factor authentication while logging in to accounts.
  • It is recommended to always log out after the session is complete.
  • Experts recommend periodically rotating passwords and never reusing the same password across multiple accounts.

Source
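A detection-side illustration, added here and not part of the original post: the spray pattern described above (many different usernames, only one or two failed attempts each, from a single source) can be told apart from a classic brute force (many failures against one username) by counting distinct failing usernames per source inside a time window, and a success from a source already flagged points at the account whose weak password was hit. The log format, field names and thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (assumed format): time, result, user, source IP.
SAMPLE_LOG = """\
2019-03-06T10:00:01 FAIL user=alice src=203.0.113.7
2019-03-06T10:00:02 FAIL user=bob src=203.0.113.7
2019-03-06T10:00:03 FAIL user=carol src=203.0.113.7
2019-03-06T10:00:04 FAIL user=dave src=203.0.113.7
2019-03-06T10:00:05 FAIL user=erin src=203.0.113.7
2019-03-06T10:00:06 OK user=frank src=203.0.113.7
2019-03-06T10:00:10 FAIL user=alice src=198.51.100.9
2019-03-06T10:00:11 FAIL user=alice src=198.51.100.9
2019-03-06T10:00:12 FAIL user=alice src=198.51.100.9
2019-03-06T10:00:13 FAIL user=alice src=198.51.100.9
2019-03-06T10:00:14 FAIL user=alice src=198.51.100.9
"""

LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")

def parse_log(text):
    """Parse the constructed log into (time, result, user, src) tuples; skip unparseable lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, result, user, src = m.groups()
            events.append((datetime.fromisoformat(ts), result, user, src))
    return events

def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {src: sorted distinct usernames} for sources whose failures inside one window
    touch at least min_users accounts with no more than max_per_user failures each.
    One account failing many times (brute force) does not match and is left to other rules."""
    by_src = defaultdict(list)
    for t, result, user, src in events:
        if result == "FAIL":
            by_src[src].append((t, user))
    hits = {}
    for src, fails in by_src.items():
        fails.sort()
        for i, (start, _) in enumerate(fails):          # slide the window over each failure
            counts = defaultdict(int)
            for t, user in fails[i:]:
                if t - start > window:
                    break
                counts[user] += 1
            if len(counts) >= min_users and max(counts.values()) <= max_per_user:
                hits[src] = sorted(counts)
                break
    return hits

def compromised_after_spray(events, hits):
    """Accounts that logged in successfully from a source already flagged as spraying."""
    return sorted({u for _, result, u, src in events if result == "OK" and src in hits})
```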


Edited to improve readability.
