What is Password Spraying

Password spraying is an easy way to take over internet accounts. It is a type of brute force attack where the hacker tries to gain access to an account by trying out a small number of commonly used passwords on a large number of accounts.

According to research, commonly used passwords include 123456, spring2020, the name of a favorite sports team, the name of the company where the user works, and variations with a few special characters. From these patterns an attacker can build a short word list and spray it across a list of users.

Many companies enforce a lockout threshold on failed password attempts, typically between 3 and 10. With a ten-attempt threshold, an attacker effectively has nine attempts per account before the activity is recognized and the account is locked out.

Think of password spraying as a slower approach than a classic brute force attack, which blasts many passwords at a single account in quick succession. Staying below the lockout threshold gives the attacker ample room to try many accounts without locking any of them out, which makes it much easier to get away with a breach without alerting the target.

How Does Password Spraying Affect Business?

It doesn’t take a genius to gather information about an individual or business these days. With a vast amount of data available online, everyone, including hackers, can gain information about an individual, a company and its employees instantly.

It doesn’t take long for a hacker to pinpoint who you are, where you work and who your colleagues are, and if they find one of your usernames, the odds that your other accounts use a similar one rise sharply.

If the hacker manages to gain access to an organization’s email account, then they can potentially get email addresses of all the employees in that organization. That ripple effect can breach several email accounts and reveal sensitive email communications.

What’s worse is that if a hacker manages to breach and access a company’s server, then they would be able to view confidential data that can be sold or used as a bargaining tool to extort a ransom.

How to recognize and stop a password spraying attack?

There are numerous ways to recognize a password spray attack. The simplest is to flag user accounts that are being locked out constantly. Network administrators can also see the IP addresses users are logging in from.

If the IP addresses are different each time, that is a clear sign of unusual activity. From the administrative panel, the affected accounts can be disabled instantly.
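A detection heuristic for the pattern described above, added here as an example and not part of the original article: it groups failed logins by source IP, flags a source that fails against many distinct accounts inside a time window while keeping each account under the lockout threshold (the spray signature), and then lists accounts that later logged in successfully from that source. The log format, the sample lines and the thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (documentation IP ranges); the line format is assumed.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z auth_fail user=alice src=203.0.113.5
2024-05-01T10:00:02Z auth_fail user=bob src=203.0.113.5
2024-05-01T10:00:03Z auth_fail user=carol src=203.0.113.5
2024-05-01T10:00:04Z auth_fail user=dave src=203.0.113.5
2024-05-01T10:00:05Z auth_ok user=dave src=203.0.113.5
2024-05-01T10:00:07Z auth_fail user=frank src=198.51.100.9
2024-05-01T10:00:08Z auth_fail user=frank src=198.51.100.9
2024-05-01T10:00:09Z auth_fail user=frank src=198.51.100.9
2024-05-01T10:00:10Z auth_fail user=frank src=198.51.100.9
"""
LINE_RE = re.compile(r"^(\S+) (auth_fail|auth_ok) user=(\S+) src=(\S+)$")

def parse(log_text):
    """Yield (timestamp, outcome, user, src); lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3), m.group(4)

def detect_spray(log_text, window=timedelta(minutes=10), min_users=4, lockout=10):
    """Return {src: sorted users} for sources whose failures fit a spray pattern:
    many distinct accounts inside one window, each kept under the lockout threshold.
    A single account hammered from one source (plain brute force) does not match."""
    fails = defaultdict(list)  # src -> [(ts, user)] failed attempts
    for ts, outcome, user, src in parse(log_text):
        if outcome == "auth_fail":
            fails[src].append((ts, user))
    sprays = {}
    for src, events in fails.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # sliding window starting at each failure from this source
            per_user = Counter(u for t, u in events[i:] if t - start <= window)
            if len(per_user) >= min_users and max(per_user.values()) < lockout:
                sprays[src] = sorted(per_user)
                break
    return sprays

def compromised_after_spray(log_text, sprays):
    """Accounts that logged in successfully from a source already flagged as spraying."""
    return sorted({u for _, outcome, u, src in parse(log_text)
                   if outcome == "auth_ok" and src in sprays})
```

The single-account source (198.51.100.9) is not reported as a spray; it would be caught instead by the lockout-based check the article mentions.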

To prevent a password spraying attack in the first place, the following measures need to be followed:

  • An organization’s security policy must clearly state the applications allowed to be accessed remotely.
  • Change passwords frequently by using a strong alphanumeric password dissimilar to the previous one.
  • Enable two-factor authentication and authenticators on all applicable applications to add an extra layer of security.