Password Spraying

Submitted by IRTeam on Wed, 04/17/2019 - 16:29

Password spraying is another rapidly growing attack technique against online accounts. Rather than guessing many passwords for one account, it targets a large number of accounts/usernames and tries a single highly common or simple password against all of them.

How Does It Work?

  • The attacker collects a list of usernames.
  • A single simple password, such as P@ssword123 or Qwerty123, is tried against the whole list of usernames (one password to many accounts).
  • The process is repeated with a different password, with a "break-time" in between each round so that every account stays below the account lockout threshold.
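The pattern described above leaves a distinctive trace in authentication logs: one source produces a small number of failures against many different accounts, with no single account reaching the lockout threshold. The following is an added detection example, not code from the original post; it parses a few constructed log lines in an assumed "timestamp result user=… src=…" format, counts distinct failing accounts per source IP inside a sliding window, and flags sources that match the spraying signature together with any successful logon that followed from the same source.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log lines (not from the original post).
# Assumed format: "<ISO timestamp> <FAIL|SUCCESS> user=<name> src=<ip>"
SAMPLE_LOG = """\
2019-04-17T09:00:01 FAIL user=alice src=203.0.113.7
2019-04-17T09:00:04 FAIL user=bob src=203.0.113.7
2019-04-17T09:00:07 FAIL user=carol src=203.0.113.7
2019-04-17T09:00:10 FAIL user=dave src=203.0.113.7
2019-04-17T09:00:13 FAIL user=erin src=203.0.113.7
2019-04-17T09:00:16 SUCCESS user=frank src=203.0.113.7
2019-04-17T09:01:00 FAIL user=alice src=198.51.100.2
2019-04-17T09:01:05 FAIL user=alice src=198.51.100.2
2019-04-17T09:01:09 FAIL user=alice src=198.51.100.2
2019-04-17T09:01:14 FAIL user=alice src=198.51.100.2
2019-04-17T09:05:00 FAIL user=bob src=192.0.2.9
"""


def parse_line(line):
    """Split one log line into a dict with a parsed timestamp."""
    ts, result, user_kv, src_kv = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "result": result,
        "user": user_kv.split("=", 1)[1],
        "src": src_kv.split("=", 1)[1],
    }


def detect_spraying(log_text, window=timedelta(minutes=30),
                    min_distinct_users=5, lockout_threshold=5):
    """Return one alert per source IP whose failed logons hit at least
    `min_distinct_users` distinct accounts inside `window` while no single
    account received `lockout_threshold` or more failures. That combination
    (wide across accounts, shallow per account) is the spraying signature;
    a burst of failures against one account is ordinary brute force, which
    the lockout policy itself already handles, so it is not flagged here."""
    events = [parse_line(l) for l in log_text.strip().splitlines()]
    fails_by_src = defaultdict(list)
    successes_by_src = defaultdict(list)
    for e in events:
        (fails_by_src if e["result"] == "FAIL" else successes_by_src)[e["src"]].append(e)

    alerts = []
    for src, fails in fails_by_src.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            # advance the window start so the window never exceeds `window`
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            per_user = Counter(e["user"] for e in fails[start:end + 1])
            if len(per_user) >= min_distinct_users and max(per_user.values()) < lockout_threshold:
                window_start = fails[start]["ts"]
                # a success from the same source after the spray begins is the
                # case an incident responder most wants to see first
                success_after = sorted(
                    {s["user"] for s in successes_by_src.get(src, []) if s["ts"] >= window_start}
                )
                alerts.append({
                    "src": src,
                    "distinct_users": len(per_user),
                    "window_start": window_start,
                    "window_end": fails[end]["ts"],
                    "success_after": success_after,
                })
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_spraying(SAMPLE_LOG):
        print(alert)
```

On the sample data only 203.0.113.7 is flagged: five different accounts fail within seconds, each exactly once, and frank then logs in successfully from the same address. The four failures against alice from 198.51.100.2 are a single-account brute force and are left to the lockout policy, and the lone failure from 192.0.2.9 is ordinary noise. The window and thresholds are assumptions; tune them to your own lockout policy and the attacker's "break-time" you expect.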

Affected Systems

  • Organizational Domain
  • Single Sign-On (SSO) applications
  • Cloud-based applications 
  • Email applications

Stay Protected

  • Disable IMAP and other legacy protocols if your organization is using Office365
  • Use strong, unique, lengthy and complex passwords
  • Adopt multi-factor authentication
  • Change passwords regularly, without "recycling" previously used passwords or using a similar password across different accounts