Password Spraying Attacks And How To Defend Against Them

14 Feb 2023


Password spraying is a rising threat made practical by automation tooling and the volume of leaked credential data circulating on the dark web. Once an employee's account is compromised, attackers can carry out all sorts of malicious activity inside the organisation's network, from exfiltrating sensitive customer data to installing ransomware and stealing intellectual property. Whatever the objective, the consequences of a successful attack are far-reaching and severe. The good news is that well-understood defensive controls still work against this form of brute-force attack. Read on to learn how password spraying works and which measures harden an organisation against it.

What is password spraying?

Password spraying is a form of brute-force attack in which an attacker uses automation to try a small number of common passwords against a large number of accounts, rather than many passwords against one account. A conventional brute-force attack hammers a single username and quickly trips account-lockout policies that block an account after a set number of failed attempts. A spray inverts the loop: one password is tried once against every username, then the attacker waits out the lockout observation window before moving on to the next password. Each account sees only one or two failures per window, so per-account lockout never triggers, and the activity can pass unnoticed by security tooling that only counts failures per account.

Attackers build their password list from leaked password dumps and lists of commonly used passwords found on the internet, or assemble one themselves from seasonal and company-themed patterns (Winter2023!, CompanyName1 and the like). They also need a matching list of usernames, which is why their preferred targets are organisations that use a predictable username convention (e.g. firstname.lastname@company.com): a list of employee names is enough to derive valid logins. They also favour Single Sign-On (SSO) portals and federated identity providers, because one valid credential there opens every application behind the portal rather than a single system.
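To make the lockout-evasion point above concrete, here is an added example (not code from the original article) that models a simple account-lockout policy and compares a single-account brute force with a spray. The user directory, the password lists, the lockout threshold and window, and the timing are all constructed for illustration.

```python
"""Why per-account lockout does not stop a password spray.

Added example, not code from the original article. It models a simple
account-lockout policy (a fixed number of failed logins within an observation
window locks the account) and compares a single-account brute force with a
spray that tries one password against every account per window. The user
directory, password lists and lockout parameters are constructed for
illustration.
"""
from collections import defaultdict


class LockoutPolicy:
    """Lock an account after `threshold` failures within `window` seconds."""

    def __init__(self, threshold=5, window=900):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(list)  # user -> timestamps of recent failures
        self.locked = set()

    def attempt(self, user, password, now, directory):
        """Process one login. Returns 'locked', 'success' or 'fail'."""
        if user in self.locked:
            return "locked"
        if directory.get(user) == password:
            return "success"
        # keep only failures still inside the observation window
        recent = [t for t in self.failures[user] if now - t < self.window]
        recent.append(now)
        self.failures[user] = recent
        if len(recent) >= self.threshold:
            self.locked.add(user)
        return "fail"


# Constructed directory: eight accounts, one of which uses a seasonal password.
DIRECTORY = {f"user{i}": f"Str0ng!pass{i}" for i in range(8)}
DIRECTORY["user5"] = "Winter2023!"
# Constructed spray list of the kind an attacker would bring.
COMMON = ["Password1", "Welcome1", "Winter2023!", "Company123", "Summer2023"]


def brute_force(policy, user, guesses, start=0, gap=1):
    """Classic brute force: every guess against one account, one per second."""
    return [policy.attempt(user, pw, start + i * gap, DIRECTORY)
            for i, pw in enumerate(guesses)]


def spray(policy, users, guesses, start=0, gap=1, pause=None):
    """Spray: each password once against every account, then wait out the window.

    With `pause` >= policy.window each account sees a single failure per
    observation window, so its counter never reaches the threshold.
    """
    pause = policy.window if pause is None else pause
    found = {}
    t = start
    for pw in guesses:
        for u in users:
            if policy.attempt(u, pw, t, DIRECTORY) == "success":
                found[u] = pw
            t += gap
        t += pause
    return found


def compare():
    """Return (brute-force outcomes, accounts locked by brute force,
    accounts locked by the spray, credentials the spray found)."""
    bf = LockoutPolicy(threshold=5, window=900)
    outcomes = brute_force(bf, "user0", COMMON + ["Autumn2022", "Spring2023"])
    sp = LockoutPolicy(threshold=5, window=900)
    found = spray(sp, list(DIRECTORY), COMMON)
    return outcomes, sorted(bf.locked), sorted(sp.locked), found


if __name__ == "__main__":
    outcomes, bf_locked, sp_locked, found = compare()
    print("brute force:", outcomes, "locked:", bf_locked)
    print("spray locked:", sp_locked, "found:", found)
```

The brute force locks user0 on its fifth guess and every later guess is rejected unread, while the spray tests the same password list against all eight accounts, never locks anything, and recovers user5's seasonal password. Spray tooling inserts exactly this pause between rounds, which is why the defensive measurement has to be failures per source across accounts, not failures per account.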

What can a successful password spraying attack entail?

Attackers generally aim to cause as much damage as possible or to steal high-value corporate data, so the impact of a password spraying attack depends on the access level and permissions of the account that was breached. A compromised mailbox with access to the company address book, for instance, hands the attacker a ready-made target list and a trusted sender for internal phishing. From there, attackers can exploit network vulnerabilities or misconfigurations to move laterally across the organisation's systems and reach its critical infrastructure. The wider the permissions of the compromised account, the greater the damage it can cause.

Tips to combat password spraying

Since password spraying exploits the human tendency to keep things simple (choosing guessable passwords and reusing them across accounts), combating it starts with these measures:

● Enforce multi-factor authentication (MFA) on all accounts, starting with SSO, email and remote-access portals, so that a guessed password alone does not grant access.

● Choose strong passwords that do not appear on common-password lists. Length matters more than character variety; a random password generator satisfies the complexity rules most platforms still impose and avoids the seasonal and company-name patterns that spray lists are built from. Organisations should also block known-breached and common passwords at password-change time.

● Use a password manager, offline or cloud-synced, so that every account gets a unique password. Given the recent breach affecting the widely used LastPass password manager, understand the risks of a cloud-synced vault before choosing a product.

● For businesses, avoid the most predictable username conventions where practical. This only raises the cost of building a target list; it is no substitute for MFA and lockout policies, since usernames are routinely exposed in email headers and directory listings.

● Where possible, replace passwords with passwordless or biometric login methods (for example FIDO2 security keys or passkeys), which leave no password to spray.

How to respond to a password spraying attack

If you suspect one of the organisation’s accounts has been compromised by password spraying, here are some corrective measures to deploy:

1. Reset the passwords of all privileged and administrative domain accounts, especially where MFA is not yet fully enforced.

2. Monitor the organisation's endpoints for malicious activity and use Endpoint Detection and Response (EDR) tooling to detect and block lateral movement.

3. Increase the sensitivity of the organisation's security monitoring to failed login attempts spread across many accounts and systems, not just repeated failures on a single account.

4. Watch for anomalies such as an unusual rise in login attempts on SSO portals, or many accounts each failing once from the same source address within a short period, as they could point to a password spraying attack.
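The detection described in steps 3 and 4 comes down to one aggregation: failures that are wide across accounts but shallow per account. The following is an added example, not code from the original article, that runs that check over constructed authentication log lines. The log line format, the thresholds and the sample source addresses and usernames are assumptions for illustration; a real deployment would parse the identity provider's sign-in export instead.

```python
"""Spray detection over authentication logs.

Added example, not code from the original article. It flags a source that
fails logins against many distinct accounts with only a few attempts each,
the shape a spray leaves behind, and lists accounts that then succeeded from
the same source. Log format, thresholds and the sample lines are constructed
for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed line format: "<ISO timestamp> src=<ip> user=<name> result=SUCCESS|FAIL"
LINE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>SUCCESS|FAIL)$"
)


def parse(lines):
    """Parse log lines into event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def detect_spray(events, window=timedelta(hours=1), min_users=10, max_per_user=3,
                 group_key=lambda e: e["src"]):
    """Return {group: {"users_targeted": n, "compromised": [...]}} for every
    group (by default the source address) whose failures inside some `window`
    cover at least `min_users` distinct accounts with no more than
    `max_per_user` failures each: wide and shallow.
    """
    groups = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        groups[group_key(e)].append(e)

    alerts = {}
    for key, evs in groups.items():
        fails = [e for e in evs if e["result"] == "FAIL"]
        for i, first in enumerate(fails):
            in_window = [e for e in fails[i:] if e["ts"] - first["ts"] <= window]
            per_user = defaultdict(int)
            for e in in_window:
                per_user[e["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                end = first["ts"] + window
                # a success on an account this source already failed against,
                # inside the same window, is the sign that a guess landed
                compromised = sorted({
                    e["user"] for e in evs
                    if e["result"] == "SUCCESS" and e["user"] in per_user
                    and first["ts"] <= e["ts"] <= end
                })
                alerts[key] = {"users_targeted": len(per_user),
                               "compromised": compromised}
                break
    return alerts


# Constructed sample: 198.51.100.9 is a legitimate user mistyping a password;
# 203.0.113.7 sprays one password across twelve accounts and lands on user07.
SAMPLE_LOG = [
    "2023-02-14T09:00:01Z src=198.51.100.9 user=alice result=FAIL",
    "2023-02-14T09:00:09Z src=198.51.100.9 user=alice result=FAIL",
    "2023-02-14T09:00:20Z src=198.51.100.9 user=alice result=SUCCESS",
]
SAMPLE_LOG += [
    f"2023-02-14T09:{10 + i:02d}:00Z src=203.0.113.7 user=user{i:02d} result=FAIL"
    for i in range(12)
]
SAMPLE_LOG.append("2023-02-14T09:30:00Z src=203.0.113.7 user=user07 result=SUCCESS")


def run_sample(group_key=lambda e: e["src"]):
    return detect_spray(parse(SAMPLE_LOG), group_key=group_key)


if __name__ == "__main__":
    for src, info in run_sample().items():
        print(f"spray from {src}: {info['users_targeted']} accounts targeted,"
              f" compromised={info['compromised']}")
```

Grouping by source address is the cheapest check, but spray tooling routinely rotates through proxy addresses. Running the same aggregation org-wide (`group_key=lambda e: "all"`) still surfaces the pattern of many accounts each failing once, at the cost of sweeping in ordinary typos like alice's, so the thresholds must be set against the organisation's normal failure baseline.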

Conclusion

As hackers continue to find new ways to get around modern cybersecurity defences, organisations must stay on top of the latest trends in cyber threats, such as password spraying. By knowing how this increasingly popular cyberattack works, organisations can improve their security posture and avoid falling victim to it.

Get in touch with GROUP8 today, and let us work together to keep your organisation always a step ahead of cybercriminals. Bolster your defences with our offensive-inspired solutions encompassing the whole cybersecurity ecosystem to ensure well-rounded protection from known and unknown threats. To learn more about our CREST-certified penetration testing, blockchain security, network security, and many other industry-leading cybersecurity services, don’t hesitate to reach out to us at hello@group8.co today.