Microsoft has bolstered its credential compromise detection capabilities to better defend against password spray attacks. The solution uses machine learning to double the detection rate, while maintaining a 98% level of precision.
“Password spray is one of the most popular attacks, accounting for more than a third of account compromise in organizations,” Alex Weinert, the Director of Identity Security at Microsoft, explained in a blog post.
“In these attacks, bad actors try a few common passwords against many accounts from different organizations. Instead of trying many passwords against one user, they try to defeat lockout and detection by trying many users against one password. Effective forms of this attack are ‘low and slow,’ where the bad actor uses thousands of IP addresses (such as from a botnet) to attack many tenants with a few common passwords. From any one tenant’s view, there are so few login attempts with such poor consistency that the attack is undetectable.”
Microsoft built the new solution within Azure Active Directory (Azure AD) by focusing on heuristic detection, tracking the pattern of a password spray attack across global traffic networks. Data scientists then started training a machine learning system based on noticeable deviations in account behaviour.
Password protected
Because password spray attacks involve just one or two password attempts against each account, they are not usually detected by traditional protection solutions. Automation software like Microsoft’s new machine learning tool is increasingly required to catch the most sophisticated cyberattacks.
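The gap between per-account controls and a cross-account view can be shown on a small scale. The following is an added example, not code from Microsoft or from this article: the sign-in events are constructed, and the function names and thresholds are assumptions chosen for illustration. It compares a lockout counter and a per-IP counter with a heuristic that counts how many distinct accounts saw only one or two failures in the same hour, over whatever population of sign-ins the defender can see.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def sample_events():
    """Constructed sign-in log: (time, account, source IP, success)."""
    t0 = datetime(2021, 1, 1, 9, 0)
    # Spray: 40 accounts fail once each, every attempt from a different IP.
    events = [(t0 + timedelta(minutes=i), f"user{i:02d}", f"198.51.100.{i}", False)
              for i in range(40)]
    # Noise: one legitimate user mistypes six times, then signs in.
    events += [(t0 + timedelta(minutes=5, seconds=10 * i), "alice", "203.0.113.7", False)
               for i in range(6)]
    events.append((t0 + timedelta(minutes=7), "alice", "203.0.113.7", True))
    return sorted(events)

def lockout_accounts(events, threshold=5):
    """Traditional control: accounts with at least `threshold` failures."""
    fails = Counter(user for _, user, _, ok in events if not ok)
    return {user for user, n in fails.items() if n >= threshold}

def noisy_ips(events, threshold=5):
    """Traditional control: source IPs with at least `threshold` failures."""
    fails = Counter(ip for _, _, ip, ok in events if not ok)
    return {ip for ip, n in fails.items() if n >= threshold}

def spray_windows(events, window=timedelta(hours=1), min_accounts=20, max_per_account=2):
    """Flag windows where many accounts each show only 1-2 failures."""
    buckets = defaultdict(Counter)
    for ts, user, _, ok in events:
        if not ok:
            # Floor the timestamp to the start of its window.
            start = datetime.min + ((ts - datetime.min) // window) * window
            buckets[start][user] += 1
    alerts = {}
    for start, per_user in buckets.items():
        low = {u for u, n in per_user.items() if n <= max_per_account}
        if len(low) >= min_accounts:
            alerts[start] = low
    return alerts

if __name__ == "__main__":
    ev = sample_events()
    print("lockout would flag:", lockout_accounts(ev))
    print("per-IP limit would flag:", noisy_ips(ev))
    for start, users in spray_windows(ev).items():
        print(f"spray pattern in window {start}: {len(users)} accounts")
```

On the constructed data, both traditional counters flag only the user who mistyped a password, while the cross-account count surfaces the 40 sprayed accounts.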
According to internal analysis, every day Azure AD’s machine learning and heuristic systems evaluate the risk associated with 18 billion login attempts, with around 300 million coming from malicious entities. The sheer scale of the cyber threat facing large businesses simply couldn’t be tackled manually.
Via Bleeping Computer