Run The Money
Follow Run The Money

Defend Your Business Against Password Spraying Attacks

  • September 13, 2021

If you're reading this, I'm earning money in some way. I was compensated with money and/or product. Thanks for helping to feed my family. I also may have a financial interest in companies named. Please see our disclosure for more information. Also, any advice provided is for informational purposes only. I'm not an accountant, lawyer, doctor, fitness expert, or nutrition specialist. So, talk to a professional before acting on anything you read, watch, or listen to below. Get your own advice and do your own research. Email me at [email protected] with questions.

Password spraying is a highly prevalent form of brute-force cyberattack used to gain unauthorized access to computer systems. In this kind of an attack the hacker attempts to guess a user’s password using a list of common passwords like “123456” or “password.” Hackers try to avoid detection by using automated processes that occur slowly over time. Verizon’s 2020 Data Breach Report found that 80% of all hacking-related breaches involved brute-force methods like password spraying. IT support Joplin can help businesses in Joplin secure their sensitive data against password spraying and brute force attacks.

Passwords are vulnerable

Even with the highest ever increase in ransomware attacks in recent times, unsafe password behavior remains rampant. We just can't seem to get rid of bad habits like using easy to remember (and easy to guess) passwords or reusing the same password for multiple accounts. Many resort to password managers, but finding a reliable one remains challenging (without resorting to browser in-built password managers that can again be quite easily compromised). 

To add to the list of growing concerns, sophisticated technologies now exist that can help hackers crack even well-maintained passwords. 

The best way forward for organizations seems to be to eliminate passwords altogether, thereby effectively removing the risk of credential-based attacks such as password stuffing. 

Compromised Credentials and Privileged Accounts Are Dangerous to Your Environment

Compromised credentials pose grave dangers for any business environment. These can allow hackers to have legitimate access to your entire network. This leaves the hackers free to tweak or modify the rights and permissions to all the systems, data, and resources the compromised account can access.

When this compromise happens on a privileged account, the fallout can be even worse. These accounts always have high levels of access including administrative access. With this kind of access, hackers can be free to have network-wide access and also create backdoors and high-level accounts that are difficult to detect and take much longer to be identified. The problem is that the longer these backdoors exist, the more damaging it proves for the business. This can take a huge toll on both reputation and cost for the business. If you want to secure the constant flow of data with full control, please refer to private cloud solutions.

What Is a Password Spraying Attack?

Although it is a type of brute force attack, the password spraying attack is different from typical brute force attacks. In the latter, the hacker targets a single account with an exponential number of passwords. In contrast, the password spraying attack targets multiple accounts with the same password. If the hacker manages to pick out one or multiple user accounts configured with known, breached, or default passwords - those accounts are compromised. Password spray attacks are only successful because so many users fail to adhere to password best practices. With a large enough bank of usernames and sets of common passwords, hackers are bound to compromise some accounts.

In order to discourage brute force attacks, many businesses now utilize Microsoft Active Directory Domain Services (ADDS) and account lockout policies. This enables administrators to set the number of failed login attempts before the account gets automatically locked out for a set duration. Password spraying attacks work around this limitation by spreading the attack out over multiple accounts.

Password spraying attacks may appear like throwing stuff on the wall to see what sticks, but there are ways in which hackers can further streamline this kind of attacks. Most often, hackers target an account with single sign-on (SSO) authentication. If they manage to guess the credentials for that account, they can effectively gain access to multiple systems or applications. Other common targets include users that make use of cloud services and applications using federated authentication. As federated authentication can often mask malicious traffic, this enables hackers to move laterally. 

Once an account is compromised, companies stand to face temporary or permanent loss of sensitive information. Depending on the scale of the success of the attack, it could also result in significant operational disruptions, productivity and revenue losses and reputational damage.

How to Prevent Password Spraying Attacks?

Enforce Account Lockout Regulations that Limit Bad Password Attempts 

Account lockout policies are an effective prevention method against attackers trying out an infinite number of passwords. Enforce a set number of failed login attempts before access gets locked out automatically. While password spraying attacks can still manage to be effective against account lockouts, it will still prevent brute force attacks in general. 

Effective Password Policies for Better Security

Incorporate safe password practices as part of the security culture in your organization. The best way to do this is through effective password policies that help you control the characteristics of passwords used in the office environment. Good password policies allow administrators to define the length, complexity, and content of passwords that can be used in the corporate network. It is recommended for businesses to have advanced password protection policies such as breached password protection. Unfortunately, Microsoft's Active Directory Domain Services don’t allow for much beyond creating basic password policies. Businesses must try to use effective third-party solutions that can prevent the use of breached or weak passwords. Managed IT Services Washington can help your business with the right third-party solution for secure password management.

Use Multi-Factor Authentication (MFA)

Strong password policies that are regularly enforced along with breached password protection do help in securing passwords. But to go one step further up, companies need to implement multi-factor authentication. Multi-factor authentication is another step of identity verification layered with username and password. It combines something you know (your password) with something you have (a hardware authentication device). This makes it much more difficult for hackers to compromise credentials without having access to the physical devices. Even if they manage to get access to the compromised passwords, the second factor of the authentication security layer will prevent them from accessing your network. 

Modern and Robust Password Protection

For effective protection of passwords, companies need to implement modern password protection in their Active Directory environment. Third-party tools have more or less become a necessity here to protect against breached passwords and further secure Active Directory password policies. With enhanced cybersecurity posture thanks to more robust password protection, organizations can effectively prevent password spraying attacks from happening in the first place.

About James:

James Richards is a serial jelly bean eater with over 30 years of experience in the Information Technology industry. Growing up around the first generation of home computers, he always had a strong interest in technology and is continually grateful to be in a profession that he honestly enjoys. James is a problem solver who’s vision to provide quality is the foundation of Stronghold Data. His goal is to deliver solutions for customers that truly impress them with the outcome. His authenticity and compassion for his team and clients extends into the community with his active leadership roles.