Malware, ransomware, phishing, spear phishing. These are all ways hackers can gain access to your business data. But have you heard of password spraying? Password spraying is an attack that attempts to access a large number of accounts with a few commonly used passwords. In traditional attacks, hackers would attempt to gain unauthorized access to a single account by guessing the password. Unfortunately for the hackers, after trying typically three to five commonly-used passwords, they would get locked out of the account for too many failed login attempts. With password spraying, the hacker uses one commonly-used password (think '123456' or 'password1') and tests it against a large number of accounts. Once those accounts are tested against the password, the hacker moves on to another commonly-used password. Password spraying takes a bit of time to run, and as such, the hacker avoids getting locked out of accounts for multiple failed login attempts.
Password spraying attacks typically go after single sign-on applications. Single sign-on is a solution that allows users to sign on once and gain access to all of the applications on an enterprise without having to sign in to each one separately. So for instance, your company may utilize a single sign-on for users to access their computers every morning. When they sign on to the computer, this will automatically grant them access to their email without having to login separately. It may also give them access to network shared folders and other items.
This week, Citrix reported that hackers had successfully breached the company's network and stole sensitive personal information on current and formal employees and had access to internal assets for approximately six months. Hackers used password spraying to take advantage of weak employee passwords and gain entrance into the company network.
This type of attack can be especially hard to deal with. Not only was employee data compromised, but that of their dependents and beneficiaries. Employees tend to lose faith and trust in their employer when breaches occur, and it is hard to understand the long-term ramifications that this may have on them. Companies can proactively monitor the dark web with a dark web scan service to find out if employee's data is on the dark web, and alert them to change passwords accordingly. Companies also will want to look for a personal identify protection offering to monitor their information.
Password spraying attacks can cause much damage for a company. Just changing passwords is not enough anymore to prevent breaches because new passwords are just as easily stolen. Users also tend to change their passwords in a predictable way, for instance adding a 1 on the end of an old password. To prevent password spraying attacks, companies can institute an authentication solution that does not require a password as a first factor of authentication (think an iPhone or iPad that scans your fingerprint or face). Companies can also implement multi-factor authentication, which forces users to utilize multiple methods to log into accounts.
For more information on how to prevent password spraying, contact Fraser today! We help keep your company safe from cyber attacks.