
Microsoft sounds the alarm over new wave of password spraying attacks


Cybersecurity experts at Microsoft have warned against an increase in password spray attacks against cloud administrator accounts as well as high-profile identities such as C-level executives.

Password spraying is a type of brute force attack in which the attackers repeatedly try commonly used or previously compromised passwords, but avoid triggering account lockouts by spreading the attempts across different accounts.
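Because each account sees only one or two failures, per-account lockout counters stay quiet; the pattern shows up when failed sign-ins are grouped by source instead. The Python sketch below is an added example, not code from Microsoft or DART, and the event layout, thresholds and sample data are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, source IP, account, outcome).
# The layout is an assumption for this example, not a real product's log schema.
SAMPLE_EVENTS = (
    # One source, six accounts, one failure each within six minutes: a spray.
    [(f"2021-11-01T09:0{i}:00", "203.0.113.7", user, "failure")
     for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    # One source hammering a single account: classic brute force, not a spray.
    + [(f"2021-11-01T09:00:{i:02d}", "198.51.100.9", "admin", "failure")
       for i in range(6)]
    # Five accounts, but one attempt per hour: slips past a 30-minute window.
    + [(f"2021-11-01T{9 + i:02d}:00:00", "198.51.100.20", user, "failure")
       for i, user in enumerate(["gina", "hal", "ivy", "jo", "kim"])]
    # Ordinary user mistyping once, then signing in.
    + [("2021-11-01T09:05:00", "192.0.2.10", "alice", "failure"),
       ("2021-11-01T09:05:30", "192.0.2.10", "alice", "success")]
)


def detect_spray(events, window_minutes=30, min_accounts=5):
    """Return {source_ip: sorted accounts} for every source whose failed
    sign-ins hit at least `min_accounts` distinct accounts inside any
    sliding window of `window_minutes`."""
    window = timedelta(minutes=window_minutes)
    failures = defaultdict(list)
    for ts, ip, account, outcome in events:
        if outcome == "failure":
            failures[ip].append((datetime.fromisoformat(ts), account))

    flagged = defaultdict(set)
    for ip, rows in failures.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            accounts = {acct for _, acct in rows[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged[ip] |= accounts
    return {ip: sorted(accts) for ip, accts in flagged.items()}


if __name__ == "__main__":
    for ip, accts in detect_spray(SAMPLE_EVENTS).items():
        print(f"possible spray from {ip}: {len(accts)} accounts -> {accts}")
```

The slow source in the sample is only caught when the window is widened, which is the trade-off between catching low-and-slow sprays and flagging shared egress addresses such as office NAT gateways.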

“Over the past year, the Microsoft Detection and Response Team (DART), along with Microsoft’s threat intelligence teams, have observed an uptick in the use of password sprays as an attack vector,” shared DART.


The group says that identity attacks, such as password sprays, have become popular of late since best practices such as complex password policies and limiting access to resources prove to be ineffective at preventing unauthorized access.

Moving target

Just about a week ago, researchers from Microsoft shared that Nobelium, the threat actor behind last year’s widely reported SolarWinds campaign, had been attacking IT services organizations, including cloud service providers (CSPs), with password spraying attacks.

In the new post, DART explains that it has seen a recent uptick in password spray attacks against administrator accounts, adding that threat actors are constantly evolving their tools and techniques, forcing the group to find new ways to detect the attacks.

The recent spate of attacks has targeted users with privileged access. These include global administrators, security administrators, SharePoint administrators, Microsoft Exchange administrators, helpdesk administrators, billing administrators, and others with similar access.

“It is easy to make exceptions to policy for staff who are in executive positions, but in reality, these are the most targeted accounts,” asserts DART as it shares recommendations for protecting against them.

In the post, DART recommends disabling legacy authentication and instead switching to multi-factor authentication (MFA) across all accounts.

This doesn’t mean we should give up on passwords altogether, but the rabbit hole of password policies, and the potentially endless discussions about complexity, length, and “correct battery horse staple” should be avoided in favor of applying Zero Trust logic to identity and authentication.

One way to thwart identity attacks is to use one of the best security keys around today!

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.