Nov 1, 2021
0 0

Microsoft warns of rise in password sprays targeting cloud accounts

Written by

Microsoft: Windows KB5006674, KB5006670 updates break printing
Microsoft: Windows web content filtering now generally available
Hive ransomware now encrypts Linux and FreeBSD systems
Police arrest hackers behind over 1,800 ransomware attacks
Signal now lets you report and block spam messages
Microsoft Defender for Windows is getting a massive overhaul
Canadian province health care system disrupted by cyberattack
Kaspersky’s stolen Amazon SES token used in Office 365 phishing
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
Microsoft warns of rise in password sprays targeting cloud accounts
The Microsoft Detection and Response Team (DART) says it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities such as C-level executives.
Password spraying is a type of brute force attack where the attackers attempt to gain access to large lists of accounts using a small number of commonly used passwords.
These attacks often use the same password while switching from one account to another to find easy to breach accounts and avoid triggering defenses like password lockout and malicious IP blocking (when using a botnet).
This tactic makes it less likely to trigger an account lock as it happens when they’re targeted in classic brute-forcing attacks that quickly try to log into a small number of accounts by going through an extensive password list, one account at a time.
“Over the past year, the Microsoft Detection and Response Team (DART), along with Microsoft’s threat intelligence teams, have observed an uptick in the use of password sprays as an attack vector,” DART said.
“Recently, DART has seen an uptick in cloud administrator accounts being targeted in password spray attacks, so understanding the targets is a good place to start.”
DART recommends enabling and enforcing multi-factor authentication (MFA) across all accounts whenever possible and adopting passwordless technology to drastically lower the risk of account compromise when targeted by such attacks.
As Microsoft revealed one year ago, password spray attacks are among the most popular authentication attacks amounting to over a third of enterprise account compromises, according to Alex Weinert, Director of Identity Security at Microsoft.
DART has seen a wide array of administrator accounts with various permissions being targeted in recent password spray attacks.
The list of most popular targets includes accounts ranging from security, Exchange service, global, and Conditional Access administrators to SharePoint, helpdesk, billing, user, authentication, and company admins.
Besides this type of privileged accounts, threat actors have also attempted to compromise identities with a high profile (including C-level executives) or access to sensitive data.
“It is easy to make exceptions to policy for staff who are in executive positions, but in reality, these are the most targeted accounts. Be sure to apply protection in a democratic way to avoid creating weak spots in configuration,” DART added.
In July, the NSA revealed that the Russian state-backed Fancy Bear hacking group launched password spray attacks against U.S. and foreign organizations, including the U.S. government and Department of Defense agencies, from Kubernetes clusters.
Microsoft also said earlier this month that it spotted both Iran-linked DEV-0343 and the Russian-sponsored Nobelium groups using password sprays in attacks targeting defense tech companies and managed service providers (MSPs) or cloud service providers, respectively.
Synology warns of malware infecting NAS devices with ransomware
NSA and CISA share guidance on securing 5G cloud infrastructure
FBI: Ranzy Locker ransomware hit at least 30 US companies this year
FBI warns of fake govt sites used to steal financial, personal data
US government discloses more ransomware attacks on water plants
Not a member yet? Register Now
Microsoft: Windows KB5006674, KB5006670 updates break printing
Chaos ransomware targets gamers via fake Minecraft alt lists
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


Article Categories:
Cybersecurity News

Leave a Reply