Cyber Security

Microsoft warns of rise in password sprays targeting cloud accounts

The Microsoft Detection and Response Team (DART) says it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities such as C-level executives.

Password spraying is a type of brute force attack where the attackers attempt to gain access to large lists of accounts using a small number of commonly used passwords.

These attacks often use the same password while switching from one account to another to find easy to breach accounts and avoid triggering defenses like password lockout and malicious IP blocking (when using a botnet).

This tactic makes it less likely to trigger an account lock as it happens when they’re targeted in classic brute-forcing attacks that quickly try to log into a small number of accounts by going through an extensive password list, one account at a time.

“Over the past year, the Microsoft Detection and Response Team (DART), along with Microsoft’s threat intelligence teams, have observed an uptick in the use of password sprays as an attack vector,” DART said.

“Recently, DART has seen an uptick in cloud administrator accounts being targeted in password spray attacks, so understanding the targets is a good place to start.”

DART recommends enabling and enforcing multi-factor authentication (MFA) across all accounts whenever possible and adopting passwordless technology to drastically lower the risk of account compromise when targeted by such attacks.

Admins and high profile accounts increasingly targeted

As Microsoft revealed one year ago, password spray attacks are among the most popular authentication attacks amounting to over a third of enterprise account compromises, according to Alex Weinert, Director of Identity Security at Microsoft.

DART has seen a wide array of administrator accounts with various permissions being targeted in recent password spray attacks.

The list of most popular targets includes accounts ranging from security, Exchange service, global, and Conditional Access administrators to SharePoint, helpdesk, billing, user, authentication, and company admins.

Besides this type of privileged accounts, threat actors have also attempted to compromise identities with a high profile (including C-level executives) or access to sensitive data.

“It is easy to make exceptions to policy for staff who are in executive positions, but in reality, these are the most targeted accounts. Be sure to apply protection in a democratic way to avoid creating weak spots in configuration,” DART added.

In July, the NSA revealed that the Russian state-backed Fancy Bear hacking group launched password spray attacks against U.S. and foreign organizations, including the U.S. government and Department of Defense agencies, from Kubernetes clusters.

Microsoft also said earlier this month that it spotted both Iran-linked DEV-0343 and the Russian-sponsored Nobelium groups using password sprays in attacks targeting defense tech companies and managed service providers (MSPs) or cloud service providers, respectively.

Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-rise-in-password-sprays-targeting-cloud-accounts/

Advertisement. Scroll to continue reading.
Click to comment

You May Also Like

Cyber Security

State-backed hacking groups have breached a U.S. aeronautical organization using exploits targeting critical Zoho and Fortinet vulnerabilities, a joint advisory published by CISA, the...

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

An audit conducted by the Defense Department’s inspector general found agency components “may be unaware of known vulnerabilities and cybersecurity risks associated with operating...

Cyber Security

Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several VMware products....

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO

Exit mobile version