
Machine learning spots password spray attacks

Microsoft has developed a machine learning tool to detect password spray attacks.

A common way to compromise credentials, a password spray attack involves bad actors using botnets to try a few common passwords on thousands of accounts – rather than trying thousands of passwords on a few systems. These password spray attacks tend to target legacy authentication protocols because they don’t support multifactor authentication, considered the best defense against such threats.

Because no single organization would notice a couple of failed logins, attackers can remain undetected by an organization’s security staff.

When looking at login attempts across millions of tenants, however, Microsoft found that it could see when a single password was being used against hundreds of thousands of usernames from many Azure Active Directory clients – a password spray attack – and alert customers to increased credential risk, according to a blog written by Microsoft’s Director of Identity Security Alex Weinert.  
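The cross-tenant signal described above can be sketched as a simple aggregation over sign-in events. This is an added example, not Microsoft's code: the event fields, the opaque password digest, the thresholds and the sample data are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from typing import NamedTuple

class SignIn(NamedTuple):
    tenant: str
    username: str
    pw_digest: str  # assumption: the provider logs an opaque keyed digest, never the password
    success: bool

def spray_candidates(events, min_accounts=5, min_tenants=3):
    """Flag password digests that fail against many accounts in many tenants."""
    failed = defaultdict(set)     # digest -> {(tenant, username)} with a failed try
    succeeded = defaultdict(set)  # digest -> {(tenant, username)} where it worked
    for e in events:
        (succeeded if e.success else failed)[e.pw_digest].add((e.tenant, e.username))
    flagged = {}
    for digest, accounts in failed.items():
        per_tenant = Counter(tenant for tenant, _ in accounts)
        if len(accounts) >= min_accounts and len(per_tenant) >= min_tenants:
            flagged[digest] = {
                "failed_accounts": len(accounts),
                "tenants": len(per_tenant),
                # The most any single tenant could see in its own logs
                "max_failed_accounts_in_one_tenant": max(per_tenant.values()),
                # Accounts where the sprayed password worked: review these first
                "succeeded_on": sorted(succeeded[digest]),
            }
    return flagged

# Constructed sample events (hypothetical tenants, users and digests)
SAMPLE = [
    SignIn("tenant-a", "alice", "d1", False),
    SignIn("tenant-a", "bob", "d1", False),
    SignIn("tenant-b", "carol", "d1", False),
    SignIn("tenant-b", "dave", "d1", False),
    SignIn("tenant-c", "erin", "d1", True),
    SignIn("tenant-c", "frank", "d1", False),
    SignIn("tenant-d", "grace", "d1", False),
    # One user repeatedly mistyping a password: many failures, one account
] + [SignIn("tenant-a", "alice", "d2", False)] * 5

if __name__ == "__main__":
    for digest, summary in spray_candidates(SAMPLE).items():
        print(digest, summary)
```

In the sample, no tenant sees more than two failed accounts for the flagged digest, which is why the pattern only stands out in the aggregated view.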

Microsoft then incorporated other deviations in account behavior like IP reputation and unfamiliar sign-in properties to train a new supervised machine learning system for password spray risk detection that it says detects twice as many compromised accounts as before.

The company said it will make the feature available to Azure AD Identity Protection customers.
