fbpx

BNMC Blog

Bredy Network Management Corporation (BNMC) has been serving the Northeast area since 1988. BNMC works as a strategic business partner to provide organizations with proven design, implementation and support solutions.

Password Spraying? Yep, It’s a Thing

Password Spraying? Yep, It’s a Thing

Cyberwarfare has continued to evolve in sophisticated ways, and while security researchers try their best to keep up, hackers are always trying to outdo them. One example of such attacks, which are often sponsored by government agencies, is a recent attack on the United States and Israeli technology sectors, which have become the target of password spraying campaigns.

Password spraying is when multiple accounts are hacked into using commonly used passwords. Hackers spam these passwords in an attempt to break into these accounts. These attacks also involve variations of these commonly used passwords, and considering how often this happens, it’s not surprising to see how they can be successful.

Microsoft issued a warning in regards to the aforementioned attacks involving the United States and Israeli technology sectors in which 250 Microsoft Office 365 customers became the targets of password spraying tactics. Microsoft has named this group DEV-343, the DEV in the name representing the fact that the attacks are not currently being sponsored by state actors. The group is thought to originate from Iran.

Even though less than 20 of the targets were actually compromised, it’s quite concerning to see such high-profile targets using insecure passwords. Microsoft has reported that organizations using multi-factor authentication are at much less risk than those who do not. As reported by Microsoft, security professionals should be wary of suspicious connections enabled by Tor networks: "DEV-0343 conducts extensive password sprays emulating a Firefox browser and using IPs hosted on a Tor proxy network. They are most active between Sunday and Thursday between 7:30 AM and 8:30 PM Iran Time (04:00:00 and 17:00:00 UTC) with significant drop-offs in activity before 7:30 AM and after 8:30 PM Iran Time. They typically target dozens to hundreds of accounts within an organization, depending on the size, and enumerate each account from dozens to thousands of times. On average, between 150 and 1,000+ unique Tor proxy IP addresses are used in attacks against each organization.”

You should always be familiar with the traffic on your network, as doing so will help you identify when there is suspicious activity of any kind, like when someone accesses your network at 3 AM on the other side of the world. Passwords might be important, but so too are other measures, like multi-factor authentication.

BNMC can help your business optimize security and protect itself from the many threats out there. To learn more, reach out to us at 978-482-2020.

 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Wednesday, October 05 2022

Captcha Image

Subscribe to Our Blog!

Mobile? Grab this Article!

Qr Code

What Our Clients Say

  • BNMC has provided us with nothing less than outstanding service and results for all of our IT needs for the past few years. Every member of their staff is professional, knowledgeable, friendly and eager to solve any problem...
  • 1
  • 2
  • 3