Microsoft’s Detection and Response Team (DART) has detected an increase in password spray attacks over the past year. As security software grows more capable and cybersecurity awareness increases, breaking into a network undetected has become more difficult. Threat actors are therefore increasingly focused on stealing a victim’s credentials so they can access a network and carry out malicious activity that appears as normal network traffic. To gain these credentials, adversaries are employing password spraying. These attacks are “authentication attacks that employ a large list of usernames and pair them with common passwords in an attempt to ‘guess’ the correct combination for as many users as possible,” according to Microsoft.
Researchers at Microsoft believe over a third of all account compromises result from password spraying attacks. Nation-state adversaries, including Russian and Iranian threat actors, have been observed conducting password spraying attacks against U.S. critical infrastructure entities. Microsoft’s DART provides several mitigation recommendations, including enabling multi-factor authentication (MFA) and mailbox auditing, and ensuring administrative accounts are cloud-based. Read more about password spraying and mitigation techniques at Microsoft.
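The definition quoted above implies a recognizable sign-in pattern: one source failing against many usernames with only a few attempts per account. The following is an added example, not Microsoft's or DART's code, that flags that pattern in constructed sign-in records; the log format, thresholds and function names are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (not real data): timestamp, source IP, user, result
SAMPLE_LOG = """\
2024-01-10T09:00:00 203.0.113.7 alice FAIL
2024-01-10T09:01:00 203.0.113.7 bob FAIL
2024-01-10T09:02:00 203.0.113.7 carol FAIL
2024-01-10T09:03:00 203.0.113.7 dave FAIL
2024-01-10T09:04:00 203.0.113.7 erin FAIL
2024-01-10T09:05:00 203.0.113.7 frank OK
2024-01-10T09:00:00 198.51.100.9 admin FAIL
2024-01-10T09:00:05 198.51.100.9 admin FAIL
2024-01-10T09:00:10 198.51.100.9 admin FAIL
2024-01-10T09:00:15 198.51.100.9 admin FAIL
2024-01-10T09:00:20 198.51.100.9 admin FAIL
2024-01-10T09:10:00 192.0.2.10 grace FAIL
2024-01-10T09:10:30 192.0.2.10 grace OK
"""

def parse(log):
    """Yield (timestamp, ip, user, succeeded) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, ip, user, result = line.split()
            yield datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_spray(log, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Flag sources whose failures within `window` touch many accounts, few tries each."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, ip, user, ok in parse(log):
        (successes if ok else failures)[ip].append((ts, user))
    alerts = []
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            tries = Counter(user for _, user in events[start:end + 1])
            if len(tries) >= min_users and max(tries.values()) <= max_per_user:
                since = events[start][0]
                # Accounts this source then logged in to: candidates for reset
                hit = sorted({u for t, u in successes[ip] if t >= since})
                alerts.append({"ip": ip, "targeted": sorted(tries), "succeeded": hit})
                break
    return alerts

if __name__ == "__main__":
    for alert in detect_spray(SAMPLE_LOG):
        print(alert)
```

Grouping by source address misses sprays spread across many addresses, and the thresholds shown are illustrative values to tune against normal sign-in failure rates.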