When hackers target your organization with a password spraying attack, they are betting that one (or more) of your employees is logging in with a commonly used password. Threat actors adopt this attack method because it can be done slowly enough to avoid account lockouts. This is just one type of password attack that could hit your organization, and cyber attacks like this are on the rise. Since remote work has increased exponentially during the pandemic, cybercriminals are more active than ever before. Shoring up your cybersecurity processes and procedures will be essential to protecting against account takeovers in the coming years. Luckily, there are a few simple, proactive steps you can take to mitigate password spray attacks and other credential-based attacks and protect your client and employee accounts from these nefarious actors.
A Low and Slow Brute Force Attack
There are two types of targets in password-based attacks – a one-off, higher-value individual whose accounts will enable top-level access, and lower-level volume accounts that could be used to gain a foothold in an organization. Direct brute force attacks usually target the former, higher-level usernames. Hackers attempt to gain access by firing off millions of passwords at a single account. Password spray attacks, on the other hand, take the opposite approach. They rely on trying a few commonly used passwords against a large number of accounts. Threat actors “spray” thousands, potentially millions, of usernames with a familiar, easy-to-guess password on the assumption that there is likely at least one person with that password within a large group of people. Unfortunately, these attackers are usually not wrong. A research study conducted by the National Cyber Security Centre revealed that 75% of participants’ organizations had accounts using a password from the top 1,000 list, and 87% had passwords in the top 10,000.
Password spraying is also alarmingly effective because it spreads its guesses out slowly enough to stay below the lockout threshold found on most account logins: each account sees only one or two failures, so no single account ever trips the lockout. For this reason, it is considered a low and slow brute force attack. Threat actors can employ password spray attacks against both kinds of targets, high-profile individuals and volume accounts.
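As an added illustration (not code from the original article), the following Python shows why a per-account lockout counter never fires during a spray, while a per-source view that counts distinct usernames failing within one time window does. The log format, the lockout and alert thresholds, and every event are constructed assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5      # assumed per-account lockout policy (5 failures)
WINDOW = timedelta(minutes=30)
SPRAY_MIN_ACCOUNTS = 10    # assumed alert threshold: distinct accounts per source

def constructed_log():
    """Constructed sample events, not real data: one source guesses a single
    password against 12 accounts (one failure each), while a legitimate user
    mistypes three times from another address and then succeeds."""
    t0, lines = datetime(2021, 3, 1, 9, 0, 0), []
    users = ["alice", "bob", "chen", "dana", "eve", "finn",
             "gita", "hugo", "ines", "jon", "kai", "lena"]
    for i, user in enumerate(users):   # one guess per account, a minute apart
        lines.append(f"{(t0 + timedelta(minutes=i)).isoformat()} 203.0.113.7 {user} FAIL")
    for i, result in enumerate(["FAIL", "FAIL", "FAIL", "OK"]):
        lines.append(f"{(t0 + timedelta(minutes=i)).isoformat()} 198.51.100.4 mike {result}")
    return "\n".join(lines)

def parse(log):
    """Parse 'timestamp source_ip username result' lines into sorted tuples."""
    events = []
    for line in log.splitlines():
        ts, src, user, result = line.split()
        events.append((datetime.fromisoformat(ts), src, user, result))
    return sorted(events)

def locked_out_accounts(events, threshold=LOCKOUT_THRESHOLD):
    """Per-account view: which accounts reach the lockout threshold."""
    fails = defaultdict(int)
    for _, _, user, result in events:
        if result == "FAIL":
            fails[user] += 1
    return {u for u, n in fails.items() if n >= threshold}

def spraying_sources(events, window=WINDOW, min_accounts=SPRAY_MIN_ACCOUNTS):
    """Cross-account view: sources whose failures inside one window span many
    distinct usernames. Returns {source: max distinct accounts in a window}."""
    by_src = defaultdict(list)
    for ts, src, user, result in events:
        if result == "FAIL":
            by_src[src].append((ts, user))   # already chronological
    flagged = {}
    for src, fails in by_src.items():
        for i, (start, _) in enumerate(fails):
            users = {u for ts, u in fails[i:] if ts - start <= window}
            if len(users) >= min_accounts:
                flagged[src] = max(flagged.get(src, 0), len(users))
    return flagged
```

On the constructed events, `locked_out_accounts` returns an empty set (no account reaches five failures) while `spraying_sources` flags 203.0.113.7 with 12 distinct accounts and leaves the mistyping user's address alone.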
How the Pandemic Has Accelerated Targeted Attacks
Cybercriminals have successfully deployed password spray attacks to gain unauthorized access to some of the world’s largest companies. In 2019, Citrix revealed that international cybercriminals cracked their internal network via compromised users and lurked, undetected, for six months. How did they get into their systems? A password spray campaign.
In May last year, a joint report filed by the National Cyber Security Centre and the U.S. Cybersecurity and Infrastructure Security Agency warned that experts are expecting a surge of password spraying attacks against healthcare organizations involved in the pandemic response.
The pandemic has changed how many of us connect to our work. Today, more workers are logging into company systems from their homes, and the shift towards remote working is unlikely to reverse. Password reuse and poor cybersecurity practices at home will make it easier for criminals to utilize password spraying attacks in 2021. According to McAfee’s 2021 Threat Predictions Report, there’s been a 50% increase in enterprise cloud use during the first four months of 2020. This corresponds to a surge in attacks on cloud accounts, a 630% increase overall. Proper password security will be crucial as more individuals login via remote, cloud-based applications.
How to Protect Your Business from Password Spray Attacks (and other credential-based attacks)
A healthy cybersecurity strategy requires a comprehensive and proactive approach that protects not only against password spray attacks but against the full range of possible password-based intrusions. When the security of your business, your employees, and your clients is at stake, you want to take every possible precaution against fraudulent activity and data breaches.
There are multiple types of password-based attacks that hackers can use to get into your system. Find a solution that addresses all the vectors of attack to truly safeguard your password layer. The safest way to be sure your passwords are strong and secure is to monitor them against password blacklists, including regionalized and business-specific lists. Continuous monitoring against common and previously breached passwords, along with regular auditing against a continuously updated database, is a simple, straightforward solution that makes maintaining proactive password security much more manageable.