“Password spraying” attacks

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) are releasing a warning related to brute force attacks. 

According to the alert, malicious actors are increasingly using brute-force attacks, also known as “password spraying”, to target organizations in the United States and abroad. These campaigns often target single sign-on (SSO) installations as well as email applications.

An excerpt from the alert describing the attack:

“In a traditional brute-force attack, a malicious actor attempts to gain unauthorized access to a single account by guessing the password. This can quickly result in a targeted account getting locked-out, as commonly used account-lockout policies allow three to five bad attempts during a set period of time. During a password-spray attack (also known as the “low-and-slow” method), the malicious actor attempts a single password against many accounts before moving on to attempt a second password, and so on. This technique allows the actor to remain undetected by avoiding rapid or frequent account lockouts.”

This is a similar threat to the one in the Talos report we highlighted yesterday regarding the “GoScanSSH” malware, which targets weak or default passwords on SSH servers.
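The detection gap the alert excerpt describes, shown as an added example that is not part of the alert or of this post: a per-account lockout counter catches the classic single-account brute force but never fires on a spray, whereas counting distinct accounts per source does. The log events, IP addresses and thresholds below are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of failed-authentication events (not real log data):
# (timestamp in seconds, username, source IP). Two behaviours are embedded:
# 10.0.0.5 hammers one account (classic brute force, will trip lockout);
# 203.0.113.9 tries one password across many accounts (spray, stays under lockout).
FAILED_LOGINS = [
    (0, "alice", "10.0.0.5"), (5, "alice", "10.0.0.5"), (9, "alice", "10.0.0.5"),
    (14, "alice", "10.0.0.5"), (20, "alice", "10.0.0.5"), (25, "alice", "10.0.0.5"),
] + [(30 + 60 * i, f"user{i:02d}", "203.0.113.9") for i in range(12)] + [
    (70, "bob", "192.0.2.7"),  # a single mistyped password, benign
]

LOCKOUT_THRESHOLD = 5   # bad attempts per account that trigger lockout (alert: three to five)
SPRAY_MIN_ACCOUNTS = 8  # distinct accounts failing from one source that we treat as suspicious


def classify_sources(events, lockout=LOCKOUT_THRESHOLD, min_accounts=SPRAY_MIN_ACCOUNTS):
    """Return {source_ip: label}, where label is 'brute_force', 'spray' or 'normal'.

    The point from the alert: a spray keeps every account below the lockout
    threshold, so per-account counting alone never fires. Counting distinct
    failing accounts per source is what exposes the low-and-slow pattern.
    Real detection aggregates over a long window (hours or days) for the same
    reason; the timestamps here are kept so that filter is easy to add.
    """
    per_source = defaultdict(lambda: defaultdict(int))  # ip -> user -> failures
    for _ts, user, ip in events:
        per_source[ip][user] += 1

    labels = {}
    for ip, users in per_source.items():
        max_per_account = max(users.values())
        if max_per_account >= lockout:
            labels[ip] = "brute_force"   # the lockout policy would catch this
        elif len(users) >= min_accounts:
            labels[ip] = "spray"         # many accounts, each under the lockout limit
        else:
            labels[ip] = "normal"
    return labels


if __name__ == "__main__":
    for ip, label in classify_sources(FAILED_LOGINS).items():
        print(f"{ip:<14} {label}")
```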
