Home

Azure AD and ADFS best practices: Defending against password spray attacks

%3CLINGO-SUB%20id%3D%22lingo-sub-167941%22%20slang%3D%22en-US%22%3EAzure%20AD%20and%20ADFS%20best%20practices%3A%20Defending%20against%20password%20spray%20attacks%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-167941%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20long%20as%20we%E2%80%99ve%20had%20passwords%2C%20people%20have%20tried%20to%20guess%20them.%20In%20this%20blog%2C%20we%E2%80%99re%20going%20to%20talk%20about%20a%20common%20attack%20which%20has%20become%20MUCH%20more%20frequent%20recently%20and%20some%20best%20practices%20for%20defending%20against%20it.%20This%20attack%20is%20commonly%20called%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3Epassword%20spray.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22%22%3EIn%20a%20password%20spray%20attack%2C%20the%20bad%20guys%20try%20the%20most%20common%20passwords%20across%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CEM%3Emany%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FEM%3Edifferent%20accounts%20and%20services%20to%20gain%20access%20to%20any%20password%20protected%20assets%20they%20can%20find.%20Usually%20these%20span%20many%20different%20organizations%20and%20identity%20providers.%20For%20example%2C%20an%20attacker%20will%20use%20a%20commonly%20available%20toolkit%20like%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fwww.blackhillsinfosec.com%2Fintroducing-mailsniper-a-tool-for-searching-every-users-email-for-sensitive-data%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMailsniper%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eto%20enumerate%20all%20of%20the%20users%20in%20several%20organizations%20and%20then%20try%20%E2%80%9CP%40%24%24w0rd%E2%80%9D%20and%20%E2%80%9CPassword1%E2%80%9D%20against%20all%20of%20those%20accounts.%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20class%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22%22%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20780px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F29685i99EF2E991947C637%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22030418_2027_AzureADandA1.jpg%22%20title%3D%22030418_2027_AzureADandA1.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20class%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22%22%3E%3CSPAN%3ERead%20about%20it%20in%20the%20%3CA%20href%3D%22https%3A%2F%2Fcloudblogs.microsoft.com%2Fenterprisemobility%2F2018%2F03%2F05%2Fazure-ad-and-adfs-best-practices-defending-against-password-spray-attacks%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EEnterprise%20Mobility%20%2B%20Security%20blog%3C%2FA%3E.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-167941%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Community Manager

As long as we’ve had passwords, people have tried to guess them. In this blog, we’re going to talk about a common attack which has become MUCH more frequent recently and some best practices for defending against it. This attack is commonly called password spray.

 

In a password spray attack, the bad guys try the most common passwords across many different accounts and services to gain access to any password protected assets they can find. Usually these span many different organizations and identity providers. For example, an attacker will use a commonly available toolkit like Mailsniper to enumerate all of the users in several organizations and then try “P@$$w0rd” and “Password1” against all of those accounts. 

 

030418_2027_AzureADandA1.jpg

 

Read about it in the Enterprise Mobility + Security blog.

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
38 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies