Blog

BNMC Blog

Bredy Network Management Corporation (BNMC) has been serving the Northeast area since 1988. BNMC works as a strategic business partner to provide organizations with proven design, implementation and support solutions.

Password Spraying? Yep, It’s a Thing

Password Spraying? Yep, It’s a Thing

Cyberwarfare has continued to evolve in sophisticated ways, and while security researchers try their best to keep up, hackers are always trying to outdo them. One example of such attacks, which are often sponsored by government agencies, is a recent attack on the United States and Israeli technology sectors, which have become the target of password spraying campaigns.

Password spraying is when multiple accounts are hacked into using commonly used passwords. Hackers spam these passwords in an attempt to break into these accounts. These attacks also involve variations of these commonly used passwords, and considering how often this happens, it’s not surprising to see how they can be successful.

Microsoft issued a warning in regards to the aforementioned attacks involving the United States and Israeli technology sectors in which 250 Microsoft Office 365 customers became the targets of password spraying tactics. Microsoft has named this group DEV-343, the DEV in the name representing the fact that the attacks are not currently being sponsored by state actors. The group is thought to originate from Iran.

Even though less than 20 of the targets were actually compromised, it’s quite concerning to see such high-profile targets using insecure passwords. Microsoft has reported that organizations using multi-factor authentication are at much less risk than those who do not. As reported by Microsoft, security professionals should be wary of suspicious connections enabled by Tor networks: "DEV-0343 conducts extensive password sprays emulating a Firefox browser and using IPs hosted on a Tor proxy network. They are most active between Sunday and Thursday between 7:30 AM and 8:30 PM Iran Time (04:00:00 and 17:00:00 UTC) with significant drop-offs in activity before 7:30 AM and after 8:30 PM Iran Time. They typically target dozens to hundreds of accounts within an organization, depending on the size, and enumerate each account from dozens to thousands of times. On average, between 150 and 1,000+ unique Tor proxy IP addresses are used in attacks against each organization.”

You should always be familiar with the traffic on your network, as doing so will help you identify when there is suspicious activity of any kind, like when someone accesses your network at 3 AM on the other side of the world. Passwords might be important, but so too are other measures, like multi-factor authentication.

BNMC can help your business optimize security and protect itself from the many threats out there. To learn more, reach out to us at (978) 482-2020.

 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Monday, 23 December 2024

Captcha Image

News & Updates

Woburn, MA – BNMC is honored to announce that we have been named a finalist in the inaugural MSP Titans of the Industry Awards for 2024. This recognition highlights our commitment to excellence, innovation, and leadership within the Managed Serv...

itc

Contact us

Learn more about what BNMC can do for your business.

Copyright BNMC. All Rights Reserved. Privacy Policy