
Security Spotlight: Password Spraying

By Peter Teichert on Thu, Sep 12, 2019 @ 04:06 PM

In the past year, a type of attack known as Password Spraying has been getting a lot of attention. Let's consider what this type of attack involves, why it is so dangerous, and what individuals can do in their role as Human Firewalls to prevent and detect these types of attacks.

What is Password Spraying?

  • Password Spraying is basically automated password guessing
  • Also known as the “low-and-slow” method since it typically involves an attacker trying a single password from a list of highly common passwords against a large number of accounts before moving on to attempt a second password
  • Although not a sophisticated attack, it has proven highly effective because it stays below the detection radar: spreading the guesses across many accounts avoids the frequent lockouts that repeated attempts against a single high-privilege account would trigger

Why is Password Spraying so dangerous?

  • More and more business applications (think Office 365) and services are in the cloud, and password re-use is extremely common, so once the bad guys have your credentials for one platform, they often have access to other cloud services as well
  • Companies often invest in security solutions such as Firewalls, Antivirus, Intrusion Prevention/Intrusion Detection (“IPS/IDS”), and Encryption, but this type of attack bypasses all of them
  • It allows attackers to compromise accounts while masking themselves from detection by blending in with “normal” activity
    • Once attackers gain access to the system, they employ a technique known as Lateral Movement to move further across the network as they search for the key data and assets that are ultimately the target of their attacks

What can you do to prevent and detect Password Spraying?

  • Use uncommon and hard-to-guess passwords
    • Complex passwords including:
      • Uppercase and lowercase characters (A-Z, a-z)
      • Digits (0-9)
      • Non-alphanumeric special characters (e.g., !, #, $)
    • Use passphrases (sentences as a password)
  • Use a different password for each separate account, service, or site 

Detection of a Password Spraying attack often requires the use of analytic tools, but other observations include:

  • High volume of account lockouts
  • Spike in attempted/failed logins
  • Login attempts from inconsistent IP addresses
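The three observations above can be turned into a simple detection rule: one source address failing against many distinct accounts with only a few attempts each is the low-and-slow profile, whereas many failures against one account is ordinary brute force that lockouts already catch. The following is an added illustration, not code from the original post; the log format and the source addresses are constructed for the example, and the thresholds (10-minute window, 5 accounts, at most 2 attempts per account) are assumptions a defender would tune to their own environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not real logs): "timestamp user source_ip result"
SAMPLE_LOG = """\
2019-09-12T09:00:01 alice 203.0.113.7 FAIL
2019-09-12T09:00:04 bob 203.0.113.7 FAIL
2019-09-12T09:00:07 carol 203.0.113.7 FAIL
2019-09-12T09:00:10 dave 203.0.113.7 FAIL
2019-09-12T09:00:13 erin 203.0.113.7 FAIL
2019-09-12T09:00:16 grace 203.0.113.7 SUCCESS
2019-09-12T09:01:00 alice 198.51.100.20 FAIL
2019-09-12T09:01:05 alice 198.51.100.20 FAIL
2019-09-12T09:01:10 alice 198.51.100.20 FAIL
2019-09-12T09:02:00 bob 192.0.2.9 FAIL
"""

def parse_log(text):
    """Parse the constructed format into (timestamp, user, source_ip, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, result))
    return events

def detect_spray(events, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Return {source_ip: sorted targeted users} for sources whose failures hit many
    distinct accounts with few attempts each inside one window (the spraying profile).
    A single account hammered from one source is brute force, not spraying, and is ignored."""
    by_ip = defaultdict(list)
    for ts, user, ip, result in events:
        if result == "FAIL":
            by_ip[ip].append((ts, user))
    hits = {}
    for ip, fails in by_ip.items():
        fails.sort()  # chronological, so each failure can open a sliding window
        for i, (start, _) in enumerate(fails):
            per_user = defaultdict(int)
            for ts, user in fails[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                hits[ip] = sorted(per_user)
                break
    return hits

def compromised_after_spray(events, hits):
    """Accounts that logged in successfully from a spraying source: investigate these first."""
    return sorted({user for _, user, ip, result in events if result == "SUCCESS" and ip in hits})
```

Running the detector over the sample flags only 203.0.113.7 (five accounts, one attempt each) and reports grace as the account that accepted the sprayed password, while the repeated failures against alice from 198.51.100.20 are left to the lockout policy.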

Conclusion:

Attackers will take the cheapest and shortest path to the objective, and Password Spraying fits that description since there are also a lot of open source tools readily available. Now that you know the essentials of Password Spraying, you can make it part of your efforts as a Human Firewall.
