Watch out for Password Spraying Attacks…

by

August 13, 2019

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to Network Administrators regarding an increase in Password Spraying attacks.

What is a Password Spraying Attack?

Pretty much exactly what it sounds like. It’s a brute-force style attack where a would-be attacker literally sprays passwords at a user accounts until one sticks.

By using one password at a time across multiple accounts the attacker is usually able to remain undetected.

Typical Targets

Attackers go after a wide array of targets including, but not limited to:

  • Webmail
  • Remote Desktop Software
  • Active Directory Federated Services
  • Cloud Services (i.e. Office365)

What to Look For

  • A high number of authentication attempts within a set period of time
  • Large numbers of bad usernames
  • High number of account lockouts within a set period of time

How to Stop a Password Spraying Attack

  • Implement multifactor authentication
  • Use complex passwords
  • Implement a strong password reset policy
  • Increase alerting and monitoring

Like our blog? Subscribe using the CTA in the upper right hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.

Don’t forget to follow us on LinkedIn and Twitter

Carl Keyser is a Digital Marketing Specialist at Integris.

Keep reading

Managed IT Services St. Paul: 5 Powerful Advantages for Businesses

Managed IT Services St. Paul: 5 Powerful Advantages for Businesses

As a business owner, it's important to make the most of your resources. This includes finding cost-effective solutions for managing and maintaining your company's technology. Keeping a competitive edge in your industry requires secure, modern tech that allows your...

IT Support Minneapolis: Where to Find Top IT Services in Minneapolis

IT Support Minneapolis: Where to Find Top IT Services in Minneapolis

If you’re wondering where to find top IT services in Minneapolis, it’s important to identify providers that offer a wide range of support, have great service and provide solid tech expertise. Comprehensive technology insight is especially important when it comes to IT...

Webinar: Email Security that Doesn’t Suck…

Webinar: Email Security that Doesn’t Suck…

Trustifi and Security 7 present Email Security That Doesn’t Suck.  In today’s age of over-complicated security tools, it is extremely difficult to manage the fine balance between security and productivity.   {% video_player "embed_player" overrideable=False,...