login screen (24Novembers/Shutterstock.com)

Machine learning spots password spray attacks

Microsoft has developed a machine learning tool to detect password spray attacks.

A common way to compromise credentials, a password spray attack involves bad actors using botnets to try a few common passwords on thousands of accounts – rather than trying thousands of passwords on a few systems. These password spray attacks tend to target legacy authentication protocols because they don’t support multifactor authentication, considered the best defense against such threats.

Because no one organization would notice a couple failed logins, attackers can remain undetected by an organization’s security staff.

When looking at login attempts across millions of tenants, however, Microsoft found that it could see when a single password was being used against hundreds of thousands of usernames from many Azure Active Directory clients – a password spray attack – and alert customers to increased credential risk, according to a blog written by Microsoft’s Director of Identity Security Alex Weinert.  

Microsoft then incorporated other deviations in account behavior like IP reputation and unfamiliar sign-in properties to train a new supervised machine learning system for password spray risk detection that it says detects twice as many compromised accounts as before.

The company said it will add the feature to Azure AD Identity Protection customers. 

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected