What is “password spraying”? This formidable cyberattack that causes enormous damage.

Microsoft warns of a wave of attacks using a “password spraying” technique targeting Windows machines. What does this term mean, and more importantly, what is the best way to protect yourself?

Microsoft warns of the activities of a group of hackers who exploit the weakness of the worst passwords. Their particularly formidable technique is called "password spraying." It is a variant of the dictionary brute-force attack, in which hackers test every password contained in a file, usually quite large, one by one.

In password spraying, instead of testing a large number of passwords, cybercriminals use a shortlist of simple passwords, such as 123456, password, and trustno1, which are unfortunately still all too common. The problem, Microsoft points out, is that this type of password, which offers almost no security, is also found among professionals.
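As an added illustration (not code from Microsoft or from the original article), the Python example below shows how a defender might spot this pattern in sign-in logs: password spraying typically tries its shortlist against many accounts, so one source produces failures across many usernames with only a few attempts each. The log format, function names, and thresholds are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (assumed format): timestamp source_ip username result
SAMPLE_LOG = """\
2025-01-10T08:00:01 203.0.113.7 alice FAIL
2025-01-10T08:02:10 203.0.113.7 bob FAIL
2025-01-10T08:04:30 203.0.113.7 carol FAIL
2025-01-10T08:06:45 203.0.113.7 dave FAIL
2025-01-10T08:09:00 203.0.113.7 erin FAIL
2025-01-10T08:01:00 198.51.100.20 bob FAIL
2025-01-10T08:01:05 198.51.100.20 bob FAIL
2025-01-10T08:01:09 198.51.100.20 bob FAIL
2025-01-10T08:01:14 198.51.100.20 bob FAIL
2025-01-10T08:03:00 192.0.2.15 frank FAIL
2025-01-10T08:03:20 192.0.2.15 frank OK
"""


def parse(log):
    """Turn log text into (time, ip, user, result) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events


def detect_spraying(events, window=timedelta(minutes=30),
                    min_accounts=5, max_per_account=3):
    """Map source IP -> accounts when its failures hit many accounts, few tries each."""
    failures = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            failures[ip].append((ts, user))
    flagged = {}
    for ip, fails in failures.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the start forward until the span fits inside `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            counts = Counter(user for _, user in fails[start:end + 1])
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                flagged[ip] = sorted(counts)
                break
    return flagged
```

Repeated failures against a single account (the second source in the sample) are deliberately not flagged here; per-account lockout handles that case, while spraying stays under lockout thresholds and needs the per-source view.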

At the heart of the problem, passwords must be replaced by alternatives

This opens up a rather incredible playing field for cybercriminals, who can thus target, with disconcerting ease, strategic components of cloud infrastructure. Microsoft's Threat Intelligence division explains that it has observed hackers from a group called Storm-1977 gaining control of many "containerized" environments in this way.

Services running in "containers" are increasingly common on cloud platforms. They isolate the execution of various programs, making hacks particularly complex, at least on paper. Storm-1977 was rather clever in targeting containers on the Microsoft Azure cloud in the education sector. Apparently, overly simple passwords, which are therefore more susceptible to password spraying, tend to be particularly common there.

The hackers were then able to exploit the AzureChecker tool (which is freely available for download and widely used by legitimate actors) to test, in a single run, a targeted list of passwords contained in a text file. This allowed them to take control of numerous containers, mainly, in the case of Storm-1977, to mine cryptocurrencies.

There is a relatively simple solution to these attacks: remove passwords in favor of other authentication methods such as physical keys and passkeys. This transition seems particularly imperative in all professional sectors, where bad password practices remain the norm. Passwordless authentication is also recommended for individuals whenever possible.
