In March 2018, the Department of Justice indicted nine Iranian nationals for conducting brute-force-style attacks against organizations in the United States using a technique referred to as “Password Spraying”.
Characteristically, brute force attacks attempt to authenticate by guessing the password of a single user account; however, accounts now typically lock out after a handful of failed attempts. “Password Spraying” instead attempts to authenticate using easy-to-guess passwords against multiple user accounts. This technique reduces the chance of triggering red flags for multiple failed attempts from a single user.
“Password Spray” attacks target single sign-on (SSO) and cloud-based applications that use federated authentication protocols in an attempt to hide malicious traffic. Federated authentication protocols link a person’s electronic identity across multiple identity management systems, which also broadens the attacker’s scope and maximizes access to intellectual property after a successful compromise.
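The two patterns described above look different in failed sign-in logs, and a detection rule can separate them. The following is an added example, not part of the original alert: the log events, the `classify_failures` function and all thresholds are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed failed sign-in events (timestamp, source IP, username); the IPs
# are RFC 5737 documentation addresses and the thresholds below are assumptions.
SAMPLE_FAILURES = (
    [(f"2018-03-27T09:{m:02d}:00", "203.0.113.10", f"user{m:02d}") for m in range(8)]
    + [(f"2018-03-27T09:00:{s:02d}", "198.51.100.7", "alice") for s in range(0, 60, 6)]
    + [("2018-03-27T09:05:00", "192.0.2.44", "bob"),
       ("2018-03-27T09:05:30", "192.0.2.44", "bob")]
)


def classify_failures(events, window=timedelta(minutes=30),
                      spray_users=5, per_user_max=2, brute_attempts=5):
    """Label each source IP as 'spray', 'brute_force' or 'normal'.

    spray: many distinct accounts fail, each only a few times (below lockout).
    brute_force: one account fails repeatedly inside the window.
    """
    by_source = defaultdict(list)
    for ts, src, user in events:
        by_source[src].append((datetime.fromisoformat(ts), user))

    verdicts = {}
    for src, rows in by_source.items():
        rows.sort()
        verdict, start, counts = "normal", 0, Counter()
        for when, user in rows:
            counts[user] += 1
            # Slide the window start forward, dropping failures that aged out.
            while when - rows[start][0] > window:
                old_user = rows[start][1]
                counts[old_user] -= 1
                if counts[old_user] == 0:
                    del counts[old_user]
                start += 1
            if max(counts.values()) >= brute_attempts:
                verdict = "brute_force"
                break
            if len(counts) >= spray_users and max(counts.values()) <= per_user_max:
                verdict = "spray"
        verdicts[src] = verdict
    return verdicts
```

Grouping by source IP is a simplification: per-account lockout counters never see the spray pattern, so the rule has to count distinct accounts per source rather than failures per account.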
Proficio Threat Intelligence Recommendations:
- Implement strong password standards
- Enable multi-factor authentication
- Abstain from clicking non-validated email links
Alert TA 18-086A