Machine learning spots password spray attacks
Microsoft has developed a machine learning tool to detect password spray attacks.
A common way to compromise credentials, a password spray attack involves bad actors using botnets to try a few common passwords on thousands of accounts – rather than trying thousands of passwords on a few systems. These password spray attacks tend to target legacy authentication protocols because they don’t support multifactor authentication, considered the best defense against such threats.
Because no one organization would notice a couple failed logins, attackers can remain undetected by an organization’s security staff.
When looking at login attempts across millions of tenants, however, Microsoft found that it could see when a single password was being used against hundreds of thousands of usernames from many Azure Active Directory clients – a password spray attack – and alert customers to increased credential risk, according to a blog written by Microsoft’s Director of Identity Security Alex Weinert.
Microsoft then incorporated other deviations in account behavior like IP reputation and unfamiliar sign-in properties to train a new supervised machine learning system for password spray risk detection that it says detects twice as many compromised accounts as before.
The company said it will add the feature to Azure AD Identity Protection customers.
Connect with the GCN staff on Twitter @GCNtech.