Security News > 2020 > October > Microsoft Introduces New Password Spray Detection for Azure
Microsoft this week announced the availability of a new password spray detection for Azure AD Identity Protection customers.
According to Microsoft, password spray attacks yield a 1% success rate, but only if the targeted accounts don't use password protection.
A look at such attacks across Azure Active Directory tenants around the world can reveal the patterns of a password spray: the attempts that use the same password generate the same hash, making them traceable.
"The huge elevation of a single hash failing across many accounts indicates a single password being attempted against hundreds of thousands of usernames from many tenants-a password spray attack in progress," Microsoft explains.
Using this approach, the tech company came up with a heuristic detection for password spray, which allowed it to warn tenants "Of hundreds of thousands of attacks monthly." Based on this, the company built a new tool for password spray risk detection.