Security Alert enhancement: Suspicious Authentication Failure

%3CLINGO-SUB%20id%3D%22lingo-sub-282799%22%20slang%3D%22en-US%22%3ESecurity%20Alert%20enhancement%3A%20Suspicious%20Authentication%20Failure%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-282799%22%20slang%3D%22en-US%22%3E%3CP%20style%3D%22margin%3A%200in%3B%20margin-bottom%3A%20.0001pt%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2010.5pt%3B%20font-family%3A%20'Segoe%20UI'%2Csans-serif%3B%20color%3A%20black%3B%22%3ESuspicious%20authentication%20failures%20security%20alert%20now%20includes%20an%20improved%20logic%20that%20also%20detects%20Password%20Spraying.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%20margin-bottom%3A%20.0001pt%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2010.5pt%3B%20font-family%3A%20'Segoe%20UI'%2Csans-serif%3B%20color%3A%20black%3B%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%20margin-bottom%3A%20.0001pt%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2010.5pt%3B%20font-family%3A%20'Segoe%20UI'%2Csans-serif%3B%20color%3A%20black%3B%22%3EIn%20Password%20Spraying%20attackers%20try%20few%20carefully%20crafted%20passwords%20against%20many%20known%20user%20accounts.%20Password%20spraying%20attacks%20have%20proven%20to%20be%20effective%20at%20gaining%20an%20initial%20foothold%20in%20an%20organization.%20It%20has%20quickly%20become%20a%20favorite%20technique%20of%20both%20attackers%20and%20pen%20testers.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%20margin-bottom%3A%20.0001pt%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2010.5pt%3B%20font-family%3A%20'Segoe%20UI'%2Csans-serif%3B%20color%3A%20black%3B%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%20margin-bottom%3A%20.0001pt%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2010.5pt%3B%20font-family%3A%20'Segoe%20UI'%2Csans-serif%3B%20color%3A%20black%3B%22%3EIn%20addition%2C%20we%20added%20more%20evidences%20to%20give%20you%20relevant%20data%20on%20what%20happened%20that%20will%20help%20you%20start%20the%20investigation.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%20margin-bottom%3A%20.0001pt%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2010.5pt%3B%20font-family%3A%20'Segoe%20UI'%2Csans-serif%3B%20color%3A%20black%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F59130i46DD68106E976DF5%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22BFimproved.PNG%22%20title%3D%22BFimproved.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%20margin-bottom%3A%20.0001pt%3B%20line-height%3A%2015.0pt%3B%20vertical-align%3A%20baseline%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2010.5pt%3B%20font-family%3A%20'Segoe%20UI'%2Csans-serif%3B%20color%3A%20black%3B%22%3EStay%20tuned.%20Your%20feedback%20is%20welcome%3C%2FSPAN%3E%20!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-393549%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20Alert%20enhancement%3A%20Suspicious%20Authentication%20Failure%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-393549%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F169208%22%20target%3D%22_blank%22%3E%40Haim%20Behar%3C%2FA%3E%26nbsp%3B%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIt%20is%20not%20inside%20ATA.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%2C%3C%2FP%3E%0A%3CP%3ETali%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-393525%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20Alert%20enhancement%3A%20Suspicious%20Authentication%20Failure%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-393525%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F104809%22%20target%3D%22_blank%22%3E%40Tali%20Ash%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGood%20morning%2C%3C%2FP%3E%3CP%3EThis%20is%20also%20available%20in%20ATA%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHaim.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Microsoft

Suspicious authentication failures security alert now includes an improved logic that also detects Password Spraying.

 

In Password Spraying attackers try few carefully crafted passwords against many known user accounts. Password spraying attacks have proven to be effective at gaining an initial foothold in an organization. It has quickly become a favorite technique of both attackers and pen testers.

 

In addition, we added more evidences to give you relevant data on what happened that will help you start the investigation.

BFimproved.PNG

Stay tuned. Your feedback is welcome !

2 Replies

@Tali Ash 

Good morning,

This is also available in ATA ?

 

Haim.

Hi @Haim Behar ,

 

It is not inside ATA.

 

Thanks,

Tali