Microsoft Cautions Over Increase In Password Spraying Attacks

According to Microsoft’s Detection and Response Team (DART), state-sponsored hackers, including the SolarWinds hackers, Nobelium and others, track identities with password spraying.

Password spraying is a variant of what is known as a brute force attack, in which the perpetrators attempt to gain unauthorized access to a single account by repeatedly guessing the password within a short period of time.

DART identified two main password spray techniques including the first known as “low and slow,” which simply means that a determined attacker uses a sophisticated password spray that uses “several individual IP addresses to attack multiple accounts at the same time with a limited number of curated guesses.”

The other method, “availability and reuse,” exploits previously compromised credentials that are published and sold on the dark web. According to Microsoft, “attackers can utilize this tactic, also called ‘credential stuffing’ to easily gain entry because it relies on people reusing passwords and username across sites.”

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web