Password Spraying

Submitted by irteam on Wed, 04/17/2019 - 21:42

Another rapid growing attack technique among online accounts is through password spraying. Password Spraying targets a large number of accounts/usernames and loops them with a highly common or simple password.

How Does It Work?
Attacker collects multiple usernames
Try a single simple password such as P@ssword123 or Qwerty123, against the collected lists of usernames (one password to many accounts).
Repeat the process, utilizing another different password, but will give a "break-time" in-between so as to stay below the account lockout threshold.