The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) are releasing a warning related to password spraying attacks, a form of brute force attack.
According to the alert, malicious actors are increasingly using a form of brute force attack known as “password spraying” to target organizations in the United States and abroad. These campaigns often target single sign-on (SSO) installations as well as email applications.
The DHS and FBI alert describes the attack as follows:
“In a traditional brute-force attack, a malicious actor attempts to gain unauthorized access to a single account by guessing the password. This can quickly result in a targeted account getting locked out, as commonly used account-lockout policies allow three to five bad attempts during a set period of time. During a password-spray attack (also known as the ‘low-and-slow’ method), the malicious actor attempts a single password against many accounts before moving on to attempt a second password, and so on. This technique allows the actor to remain undetected by avoiding rapid or frequent account lockouts.”
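The excerpt above explains why per-account lockout counters miss a spray: each account sees only one or two failures. The detection logic below is an added example written for this post, not code from DHS, the FBI or the alert. It runs over a constructed authentication log (timestamps, source IPs, account names and results are all made up) and flags two patterns: the classic single-account brute force that trips a lockout, and the low-and-slow spray where one source fails against many distinct accounts while every account stays under the lockout threshold. The lockout threshold of five, the 30-minute window and the eight-account minimum are assumed tuning values, not figures from the alert.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not from any real system or the alert).
# Fields: ISO-8601 timestamp, source IP, account name, result (OK or FAIL).
SAMPLE_LOG = """\
2018-03-27T09:00:01 203.0.113.5 alice FAIL
2018-03-27T09:00:04 203.0.113.5 bob FAIL
2018-03-27T09:00:07 203.0.113.5 carol FAIL
2018-03-27T09:00:10 203.0.113.5 dave FAIL
2018-03-27T09:00:13 203.0.113.5 erin FAIL
2018-03-27T09:00:16 203.0.113.5 frank FAIL
2018-03-27T09:00:19 203.0.113.5 grace FAIL
2018-03-27T09:00:22 203.0.113.5 heidi FAIL
2018-03-27T09:00:25 203.0.113.5 ivan FAIL
2018-03-27T09:00:28 203.0.113.5 judy FAIL
2018-03-27T09:00:31 203.0.113.5 alice FAIL
2018-03-27T09:01:00 198.51.100.7 alice FAIL
2018-03-27T09:01:02 198.51.100.7 alice FAIL
2018-03-27T09:01:04 198.51.100.7 alice FAIL
2018-03-27T09:01:06 198.51.100.7 alice FAIL
2018-03-27T09:01:08 198.51.100.7 alice FAIL
2018-03-27T09:05:00 192.0.2.9 bob OK
"""

# Assumed lockout policy, within the three-to-five range the alert cites.
LOCKOUT_THRESHOLD = 5
WINDOW = timedelta(minutes=30)        # assumed observation window
MIN_DISTINCT_ACCOUNTS = 8             # assumed spray detector threshold


def parse_events(text):
    """Parse whitespace-separated log lines into (timestamp, src, user, result) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, src, user, result = line.split()
            events.append((datetime.fromisoformat(ts), src, user, result))
    return events


def _failures_by_source(events):
    """Group failed attempts by source IP, each list sorted by time."""
    grouped = defaultdict(list)
    for ts, src, user, result in events:
        if result == "FAIL":
            grouped[src].append((ts, user))
    for fails in grouped.values():
        fails.sort()
    return grouped


def _windows(fails, window):
    """Yield the failures inside the trailing window that ends at each event."""
    start = 0
    for end in range(len(fails)):
        while fails[end][0] - fails[start][0] > window:
            start += 1
        yield fails[start:end + 1]


def _count_per_account(window_fails):
    counts = defaultdict(int)
    for _, user in window_fails:
        counts[user] += 1
    return counts


def detect_single_account_brute_force(events, window=WINDOW, lockout=LOCKOUT_THRESHOLD):
    """Classic brute force: one source reaching the lockout count against one account.
    This is the case an account-lockout policy already catches."""
    findings, seen = [], set()
    for src, fails in _failures_by_source(events).items():
        for w in _windows(fails, window):
            for user, n in _count_per_account(w).items():
                if n >= lockout and (src, user) not in seen:
                    seen.add((src, user))
                    findings.append({"source": src, "account": user, "failures": n})
    return findings


def detect_password_spray(events, window=WINDOW,
                          min_accounts=MIN_DISTINCT_ACCOUNTS, lockout=LOCKOUT_THRESHOLD):
    """Low-and-slow spray: one source failing against many distinct accounts in the
    window while every account stays below the lockout threshold, so no lockout
    fires. Returns, per source, the latest window with the most distinct accounts."""
    findings = []
    for src, fails in _failures_by_source(events).items():
        best = None
        for w in _windows(fails, window):
            counts = _count_per_account(w)
            distinct, peak = len(counts), max(counts.values())
            if distinct >= min_accounts and peak < lockout:
                if best is None or distinct >= best["distinct_accounts"]:
                    best = {"source": src, "distinct_accounts": distinct,
                            "max_failures_per_account": peak,
                            "first_seen": w[0][0].isoformat(),
                            "last_seen": w[-1][0].isoformat()}
        if best:
            findings.append(best)
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for f in detect_single_account_brute_force(evs):
        print("brute force:", f)
    for f in detect_password_spray(evs):
        print("password spray:", f)
```

The point of keying on the source rather than the account is the whole lesson of the excerpt: the sprayer never exceeds two failures on any one account, so a per-account counter stays silent, while the source-level view shows ten distinct accounts failing within seconds. In a real SSO or mail environment the source key may need to be a tenant, ASN or user-agent cluster rather than a single IP, since sprays are often spread across many addresses.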
This is similar to the threat described in the Talos report we highlighted earlier, regarding the GoScanSSH malware that targets weak or default passwords on SSH servers.