Get Started Today!  (954) 834-2800

croom new

KB Technologies Managed IT Blog

Password Spraying? Yep, It’s a Thing

Password Spraying? Yep, It’s a Thing

Cyberwarfare has continued to evolve in sophisticated ways, and while security researchers try their best to keep up, hackers are always trying to outdo them. One example of such attacks, which are often sponsored by government agencies, is a recent attack on the United States and Israeli technology sectors, which have become the target of password spraying campaigns.

Password spraying is when multiple accounts are hacked into using commonly used passwords. Hackers spam these passwords in an attempt to break into these accounts. These attacks also involve variations of these commonly used passwords, and considering how often this happens, it’s not surprising to see how they can be successful.

Microsoft issued a warning in regards to the aforementioned attacks involving the United States and Israeli technology sectors in which 250 Microsoft Office 365 customers became the targets of password spraying tactics. Microsoft has named this group DEV-343, the DEV in the name representing the fact that the attacks are not currently being sponsored by state actors. The group is thought to originate from Iran.

Even though less than 20 of the targets were actually compromised, it’s quite concerning to see such high-profile targets using insecure passwords. Microsoft has reported that organizations using multi-factor authentication are at much less risk than those who do not. As reported by Microsoft, security professionals should be wary of suspicious connections enabled by Tor networks: "DEV-0343 conducts extensive password sprays emulating a Firefox browser and using IPs hosted on a Tor proxy network. They are most active between Sunday and Thursday between 7:30 AM and 8:30 PM Iran Time (04:00:00 and 17:00:00 UTC) with significant drop-offs in activity before 7:30 AM and after 8:30 PM Iran Time. They typically target dozens to hundreds of accounts within an organization, depending on the size, and enumerate each account from dozens to thousands of times. On average, between 150 and 1,000+ unique Tor proxy IP addresses are used in attacks against each organization.”

You should always be familiar with the traffic on your network, as doing so will help you identify when there is suspicious activity of any kind, like when someone accesses your network at 3 AM on the other side of the world. Passwords might be important, but so too are other measures, like multi-factor authentication.

KB Technologies Managed IT can help your business optimize security and protect itself from the many threats out there. To learn more, reach out to us at (954) 834-2800.

Tired Of Annoying Computer Problems That Keep Coming Back?

MosaicLoader Is Being Used to Authorize Hacker Acc...
Introducing Google Business Profile
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, January 16 2022

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.kb-it.com/

Latest Blog

It’s a known fact that businesses do not want to imagine what might happen under the absolute worst conditions, but it is something that comes with the territory of being a business owner. If you don’t plan for the worst, it could potentially place your company at risk. How ...

Latest News

KB Technologies Managed IT is proud to announce the launch of our new website at http://www.kb-it.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for ...