Security News > 2020 > October > Microsoft Introduces New Password Spray Detection for Azure

Microsoft Introduces New Password Spray Detection for Azure
2020-10-27 15:54

Microsoft this week announced the availability of a new password spray detection for Azure AD Identity Protection customers.

According to Microsoft, password spray attacks yield a 1% success rate, but only if the targeted accounts don't use password protection.

A look at such attacks across Azure Active Directory tenants around the world can reveal the patterns of a password spray: the attempts that use the same password generate the same hash, making them traceable.

"The huge elevation of a single hash failing across many accounts indicates a single password being attempted against hundreds of thousands of usernames from many tenants-a password spray attack in progress," Microsoft explains.

Using this approach, the tech company came up with a heuristic detection for password spray, which allowed it to warn tenants "Of hundreds of thousands of attacks monthly." Based on this, the company built a new tool for password spray risk detection.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/MKT7N7ufqNY/microsoft-introduces-new-password-spray-detection-azure

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399