Groups Similar Look up By Text Browse About

Similar articles
Article Id Title Prob Score Similar Compare
218868 ZDNET 2021-10-27:
Microsoft warns over uptick in password spraying attacks
1.000 Find similar Compare side-by-side
218735 TECHREPUBLIC 2021-10-27:
Microsoft warns of new supply chain attacks by Russian-backed Nobelium group
0.851 0.523 Find similar Compare side-by-side
218930 ZDNET 2021-10-25:
SolarWinds hackers, Nobelium, once again strike global IT supply chains, Microsoft warns
0.459 Find similar Compare side-by-side
218856 ZDNET 2021-10-27:
These phishing emails use QR codes to bypass defences and steal Microsoft 365 usernames and passwords
0.350 Find similar Compare side-by-side
218862 TECHREPUBLIC 2021-10-26:
Phishing attack exploits Craigslist and Microsoft OneDrive
0.347 Find similar Compare side-by-side
219200 ZDNET 2021-10-28:
HTTPS threats grow more than 314% through 2021: Report
0.325 Find similar Compare side-by-side
219220 ZDNET 2021-10-29:
AFP confiscates AU$1.7m from Sydney man who stole Netflix, Spotify, Hulu accounts
0.322 Find similar Compare side-by-side
219101 VENTUREBEAT 2021-10-28:
SlashNext, which uses AI to combat phishing, raises $26M
0.315 Find similar Compare side-by-side
219404 TECHREPUBLIC 2021-10-29:
Cybercrime: Europol arrests 12 people for ransomware activities possibly affecting 1,800 victims in 71 countries
0.312 Find similar Compare side-by-side
218709 ARSTECHNICA 2021-10-27:
Securing your digital life, part two: The bigger picture—and special circumstances
0.306 Find similar Compare side-by-side
218929 ZDNET 2021-10-25:
Tesco's website restored after suspected cyberattack
0.306 Find similar Compare side-by-side
218738 TECHREPUBLIC 2021-10-26:
9 key security threats that organizations will face in 2022
0.292 Find similar Compare side-by-side
219134 ZDNET 2021-10-29:
Ransomware: Police sting targets suspects behind 1,800 attacks that 'wreaked havoc across the world'
0.291 Find similar Compare side-by-side
218990 ZDNET 2021-10-26:
CISA warns of remote code execution vulnerability with Discourse
0.291 Find similar Compare side-by-side
218917 ZDNET 2021-10-26:
Third-party data breach in Singapore hits healthcare provider
0.290 Find similar Compare side-by-side
219089 TECHREPUBLIC 2021-10-29:
Learn all you need from this training bundle on Azure, Windows and Microsoft 365
0.286 Find similar Compare side-by-side
218722 ZDNET 2021-10-25:
Ransomware: Industrial services top the hit list - but cyber criminals are diversifying
0.286 Find similar Compare side-by-side
218752 ZDNET 2021-10-27:
Weeks early: Adobe dumps massive security patch update
0.283 Find similar Compare side-by-side
219170 ZDNET 2021-10-27:
Microsoft is adding another way to update Windows 11 with Online Service Experience Packs
0.283 Find similar Compare side-by-side
218840 ZDNET 2021-10-27:
Microsoft unveils sustainability management portal for businesses
0.279 Find similar Compare side-by-side
218749 ZDNET 2021-10-27:
Microsoft outlines its progress, next steps in its decarbonization plans
0.279 Find similar Compare side-by-side
218960 ZDNET 2021-10-25:
Large DDoS attack shuts down KT's nationwide network
0.275 Find similar Compare side-by-side
219176 ZDNET 2021-10-28:
NRA responds to reports of Grief ransomware attack
0.274 Find similar Compare side-by-side
219079 ZDNET 2021-10-29:
Microsoft acquires content-moderation specialist Two Hat
0.267 Find similar Compare side-by-side
218975 ZDNET 2021-10-25:
BillQuick says patch coming after Huntress report identifies vulnerabilities used in ransomware attack
0.260 Find similar Compare side-by-side


ID: 218868


Date: 2021-10-27

Microsoft warns over uptick in password spraying attacks

State-sponsored hackers and cyber criminals are going after identities with password spraying, a low-effort and high-value method for the attacker, says Microsoft's Detection and Response Team (DART). Cyber attackers aren't just looking for software flaws, supply chain weakness, and open RDP connections. The other key asset hackers are after is identities, especially account details that will give them access to other internal systems. CISA earlier this year warned that the suspected Kremlin-backed hackers behind the SolarWinds attacks were not just trojanising software updates, but also password guessing and password spraying administrative accounts for initial access. The best cybersecurity certifications Cybersecurity certifications can help you enter an industry with a high demand for skilled staff. Read More More recently , Microsoft observed an emerging Iranian hacking group using password spraying against Israeli and US critical infrastructure targets operating in the Persian Gulf.  Ransomware: Industrial services top the hit list - but cyber criminals are diversifying Microsoft estimates that more than a third of account compromises are password spraying attacks, even though such attacks have a 1% success rate for accounts, unless organisations use Microsoft's ' password protection' to avoid bad passwords.  "Instead of trying many passwords against one user, they try to defeat lockout and detection by trying many users against one password," Microsoft explained last year. That approach helps avoid rate limiting, where too many failed password attempt results in a lockout.  Microsoft's Detection and Response Team (DART) has outlined two main password spray techniques, the first of which it calls 'low and slow'. Here, a determined attacker deploys a sophisticated password spray using "several individual IP address to attack multiple accounts at the same time with a limited number of curated password guesses." The other technique, 'availability and reuse', exploits previously compromised credentials that are posted and sold on the dark web. " Attackers can utilize this tactic, also called 'credential stuffing,' to easily gain entry because it relies on people reusing passwords and usernames across sites," Microsoft explains. Legacy and unsecured authentication protocols are a problem because they can't enforce multi-factor authentication. Attackers are also focussing on the REST API, says DART. Top applications targeted include Exchange ActiveSync, IMAP, POP3, SMTP Auth, and Exchange Autodiscover. " Recently, DART has seen an uptick in cloud administrator accounts being targeted in password spray attacks," Microsoft notes.    Extra care should also be taken when configuring security controls for roles such as security admins, Exchange service admins, Global admins, Conditional Access admins, SharePoint admins, Helpdesk admins, Billing admins, User admins, Authentication admins, and Company admins. High-profile identities such as C-level execs or specific roles with access to sensitive data are also popular targets, says Microsoft. Microsoft this week warned that the SolarWinds hackers, a.k.a. Nobelium, were employing password spray attacks on new targets, primarily against managed service providers that have been delegated admin access by upstream customers. Ransomware: Looking for weaknesses in your own network is key to stopping attacks Microsoft found that Nobelium was "targeting privileged accounts of service providers to move laterally in cloud environments, leveraging the trusted relationships to gain access to downstream customers and enable further attacks or access targeted systems." The attacks are not the result of a product security vulnerability, Microsoft stressed, "but rather a continuation of Nobelium's… dynamic toolkit that includes sophisticated malware, password sprays, supply chain attacks, token theft, API abuse, and spear phishing to compromise user accounts and leverage the access of those accounts." DART offers some handy tips to help shape the course of an investigation, such as determining whether the spray attack was successful on at least one account, determining which users were affected, and whether admin accounts were compromised.