How to Protect Your Business from Password Spray Attacks (and other credential-based attacks)Ī healthy cybersecurity strategy requires a comprehensive and proactive approach that not only protects against password spray attacks but the full range of possible password-based intrusion. Proper password security will be crucial as more individuals login via remote, cloud-based applications. This corresponds to a surge in attacks on cloud accounts, a 630% increase overall. According to McAfee’s 2021 Threat Predictions Report, there’s been a 50% increase in enterprise cloud use during the first four months of 2020. Password reuse and poor cybersecurity practices at home will make it easier for criminals to utilize password spraying attacks in 2021. Today, more workers are logging into company systems from their homes, and the shift towards remote working is unlikely to reverse. The pandemic has changed how many of us connect to our work. Cybersecurity and Infrastructure Security Agency warned that experts are expecting a surge of password spraying attacks against healthcare organizations involved in the pandemic response. In May last year, a joint report filed by the National Cyber Security Centre and the U.S. How did they get into their systems? A password spray campaign. In 2019, Citrix revealed that international cybercriminals cracked their internal network via compromised users and lurked, undetected, for six months. How the Pandemic Has Accelerated Targeted AttacksĬybercriminals have successfully deployed password spray attacks to gain unauthorized access to some of the world’s largest companies. Threat actors can employ password spray attacks against both kinds of targets, high-profile individuals and volume accounts. For this reason, they are considered a low and slow brute force attack. Password spraying is also alarmingly effective because it performs the number of guesses slowly enough to remain below the lockout threshold found on most account logins. A research study conducted by the National Cyber Security Centre revealed that 75% of participants’ organizations had accounts using a password from the top 1,000 list, and 87% has passwords in the top 10,000. Unfortunately, these attackers are usually not wrong. Threat actors “spray” thousands, potentially millions, of usernames with a familiar, easy-to-guess password with the assumption that there is likely at least one person with that password within a large group of people. They rely on trying a few commonly used passwords against a large number of accounts. Password spray attacks, on the other hand, take the opposite approach. Hackers attempt to gain access by firing off millions of passwords at a single account. Direct brute force attacks usually target the former, higher-level usernames. There are two types of targets in password-based attacks – a one-off, higher-value individual whose accounts will enable top-level access and lower-level volume accounts that could be used to gain a foothold in an organization. Luckily, there are a few simple, proactive steps you can take to mitigate password spray attacks and other credential-based attacks to protect your client and employee accounts from these nefarious actors. Shoring up your cybersecurity processes and procedures will be essential to protecting against account takeovers in the coming years. Since remote work has increased exponentially during the pandemic, cybercriminals are more active than ever before. This is just one type of password attack that could hit your organization, and cyber attacks like this are on the rise. Threat actors adopt this attack method because it can be done slowly enough to avoid account lockouts. When hackers target your organization with a password spraying attack, hackers are betting that one (or more) of your employees is logging in with a commonly used password. Back to Blog Password Spraying: How Common Passwords Threaten Your Organization
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |