A new attack on Citrix, March 8, 2019, using a technique called password spraying places significance on a chief issue that passwords pose for companies; end-users that select weak passwords or use login credentials on different sites leave their organizations open to compromise.
Password spraying is the attack method which takes many possible usernames and loops them with a single, normally well-known and used, password, like Password123. Attackers use this method with a short list of passwords to attack sites and find vulnerable systems in a company’s network.
Jason A. Hollander, CEO and co-founder of Cymatic Security, states that password spraying as well as credential stuffing are increasingly widespread. He sees the need for companies to focus on taking means to protect against these attacks.
The criminal element use password spraying rather than other brute force attacks in hopes to avoid the common validation steps like timing out that normally alert analysts in a SOC (security operation center). Once someone gains access to a network, they launch more advanced methods to spread things like ransomware, an attack that holds data for a ransom, or malware that allows unauthorized use to gain consistent access to the network.
Password spraying typically uses a list of common passwords. Passwords stolen and leaked from prior breaches are used in hopes that people reuse passwords at work that they use in their personal affairs. A list of the top-1,000 passwords is effective 75% of the time, according to the U.K.’s National Cyber Security Centre. The agency recommends that companies deploy technologies that have proven effective against password-spraying attacks, multi-factor authentication, and regularly audit employees’ passwords against a list of the top-1000 or 10,000 most popular passwords.
According to information derived from FBI investigations, malicious cyber actors are increasingly using a password spraying against organizations in the United States and abroad. The agencies declared this in a US-CERT technical alert issued March 27, 2018. (Alert (TA18-086A) Brute Force Attacks Conducted by Cyber Actors)
Prompting the alert is the disclosure of a federal indictment against nine Iranian nationals associated with the Mabna Institute, a private Iran-based company accused of hacking on behalf of the Iranian government. The focus of the indictment is a massive, four-year spear phishing campaign to steal credentials from thousands of university professors looking for publications that allegedly advance Iranian research interests. Part of the alleged Iranian effort showed thirty-six private companies in the United States, eleven companies in Europe and multiple U.S. government agencies and non-government organizations were attacked. The method of attack for those organizations was password spraying.
These types of attacks are hard to protect against, until now.
Cymatic Security, a US based cybersecurity company, has a solution that protects a company’s networks against password spraying brute force attacks. Cymatic’s user risk management platform enables businesses to gain visibility and take control of the risks and threats users and devices pose to their online applications. Cymatic’s leadership team has built, deployed, scaled, and supported the most sophisticated and demanding security solutions in the world for companies such as RSA Security, Dell, Lockheed Martin, Google, Walmart, Apple and Boeing.