Cybersecurity experts at Microsoft have warned against an increase in password spray attacks against cloud administrator accounts as well as high-profile identities such as C-level executives.
Password spraying is a type of brute force attack where the attackers use commonly used or previously compromised passwords repeatedly, but avoid triggering account lookouts by attacking different accounts.
“Over the past year, the Microsoft Detection and Response Team (DART), along with Microsoft’s threat intelligence teams, have observed an uptick in the use of password sprays as an attack vector,” shared DART.
The group says that identity attacks, such as password sprays, have become popular of late since best practices such as complex password policies and limiting access to resources prove to be ineffective at preventing unauthorized access.
Moving target
Just about a week ago researchers from Microsoft had shared that Nobelium, the threat actor behind last year’s widely-reported SolarWinds campaign, had been attacking IT services organizations including cloud service providers (CSP), with password spraying attacks.
In the new post, DART explains that it has seen a recent uptick in password spray attacks against administrator accounts, adding that threat actors are constantly evolving their tools and techniques, forcing the group to find new ways to detect the attacks.
The recent spate of attacks has targeted users with privileged access. These include global administrators, security administrators, SharePoint administrators, Microsoft Exchange administrators, helpdesk administrators, billing administrators, and others with similar access.
“It is easy to make exceptions to policy for staff who are in executive positions, but in reality, these are the most targeted accounts,” asserts DART as it shares recommendations for protecting against them.
In the post DART recommends disabling legacy authentication, and instead switching to multi-factor authentication (MFA) across all accounts.
This doesn’t mean we should give up on passwords altogether, but the rabbit hole of password policies, and the potentially endless discussions about complexity, length, and “correct battery horse staple” should be avoided in favor of applying Zero Trust logic to identity and authentication.
One way to thwart identity attacks is to use one of the best security keys around today!
