The infamous Password Spraying Attack
Password Spraying Attack - a conceptual diagram by Open-Measure

I just published a new dictionary entry on the Open-Measure dictionary: 

Some of you will remember when this brute-force technique broke the news in 2019, first with the Citrix data breach and then with a series of attacks on critical infrastructure. But these high-profile security incidents should not mislead other organizations into thinking it is not their concern: this technique is relatively cheap, easy to execute and commonplace.

The Password Spraying Attack is used by threat actors to compromise identities on IT systems that rely on single-factor password authentication (or in combination with bypassing a weakly implemented multi-factor authentication). One of its distinguishing characteristics from a blunt password brute-force attack is that it evades basic detection and prevention by account lockout mechanisms - you certainly remember the last time one of your accounts was locked out after 3 failed login attempts...
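As an added illustration of the lockout-evasion point (example code, not part of the Open-Measure entry), here is a small defender-side detector that tells a spray (a few failures each, spread over many accounts from one source) apart from a classic brute force (many failures on a single account). The log format, the thresholds and the sample log lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample auth log: "timestamp source_ip account result" (not real data).
SAMPLE_LOG = """\
2019-03-01T10:00:01 203.0.113.7 alice FAIL
2019-03-01T10:00:04 203.0.113.7 bob FAIL
2019-03-01T10:00:07 203.0.113.7 carol FAIL
2019-03-01T10:00:10 203.0.113.7 dave FAIL
2019-03-01T10:00:13 203.0.113.7 erin FAIL
2019-03-01T10:00:16 203.0.113.7 frank SUCCESS
2019-03-01T10:01:00 198.51.100.9 alice FAIL
2019-03-01T10:01:01 198.51.100.9 alice FAIL
2019-03-01T10:01:02 198.51.100.9 alice FAIL
2019-03-01T10:05:00 192.0.2.44 alice FAIL
"""

def parse(log_text):
    # Turn each log line into a (timestamp, source, account, result) tuple.
    events = []
    for line in log_text.splitlines():
        ts, src, account, result = line.split()
        events.append((datetime.fromisoformat(ts), src, account, result))
    return events

def classify_sources(events, window=timedelta(minutes=10),
                     min_accounts=5, lockout_threshold=3):
    """Map each source to 'spray', 'bruteforce' or None. spray: >= min_accounts distinct
    accounts failing within one window while every account stays under the lockout
    threshold (the evasion described above); bruteforce: one account hits the threshold."""
    by_src = defaultdict(list)
    for ts, src, account, result in events:
        if result == "FAIL":
            by_src[src].append((ts, account))
    verdicts = {}
    for src, fails in by_src.items():
        fails.sort()
        verdicts[src] = None
        for i, (start, _) in enumerate(fails):  # slide a window over this source's failures
            per_account = defaultdict(int)
            for ts, account in fails[i:]:
                if ts - start > window:
                    break
                per_account[account] += 1
            if max(per_account.values()) >= lockout_threshold:
                verdicts[src] = "bruteforce"
                break
            if len(per_account) >= min_accounts:
                verdicts[src] = "spray"
                break
    return verdicts
```

The brute-force source trips a per-account lockout, while the spraying source never exceeds one failure per account and is only visible when failures are correlated per source across accounts.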

I leave you to enjoy the conceptual diagram, which nicely synthesizes the key features of this concept:

A diagram of the Password Spraying Attack concept

And I invite those who wish to dig further into this topic to read the complete article on the Open-Measure wiki:

As always, don't hesitate to contribute with questions and comments, I will be most happy to refine or complement this research.

Sreekanth Arangathiruvanan

IAM - Information Security (CIAM, CIGE, CAMS & CIMP)

3 years

Nice article

Ivan Borcard

Your trusted advisor | Cyber Security Expert | High-Quality Support | Innovative Cybersecurity Solution

3 years

Thanks. A PAM solution might help ;-)

Top thanks for sharing
