Microsoft is now far better equipped to protect against password spray attacks

Image Credit: Microsoft (Image credit: Image Credit: Microsoft)

Microsoft has bolstered its credential compromise detection capabilities to better defend against password spray attacks. The solution uses machine learning to double the detection rate, while maintaining a 98% level of precision.

“Password spray is one of the most popular attacks, accounting for more than a third of account compromise in organizations,” Alex Weinert, the Director of Identity Security at Microsoft, explained in a blog post

“In these attacks, bad actors try a few common passwords against many accounts from different organizations. Instead of trying many passwords against one user, they try to defeat lockout and detection by trying many users against one password. Effective forms of this attack are "low and slow,” where the bad actor uses thousands of IP addresses (such as from a botnet) to attack many tenants with a few common passwords. From any one tenant’s view, there are so few login attempts with such poor consistency that the attack is undetectable.”

Microsoft built the new solution within Azure Active Directory (Azure AD) by focusing on heuristic detection, tracking the pattern of a password spray attack across global traffic networks. Data scientists then started training a machine learning system based on noticeable deviations in account behaviour.

Password protected

Because password spray attacks involve just one or two password attempts against each account, they are not usually detected by traditional protection solutions. Automation software like Microsoft’s new machine learning tool is increasingly required to catch the most sophisticated cyberattacks.

According to internal analysis, every day Azure AD’s machine learning and heuristic systems evaluate the risk associated with 18 billion login attempts, with around 300 million coming from malicious entities. The sheer scale of the cyber threat facing large businesses simply couldn’t be tackled manually.  

Via Bleeping Computer

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.