Password spraying is an attack technique that targets a large number of usernames with a small set of known or commonly used passwords. It is also called a ‘reverse brute-force attack’ because it reverses the usual brute-force approach: instead of trying many passwords against one account, it starts with a known password and tries it against a list of possible usernames.
Password spraying attacks usually target Single Sign-On (SSO) applications, cloud-based applications, and email applications.
How does Password Spraying attack work?
In this technique, attackers attempt a single commonly used password against multiple usernames before moving on to the next password. Spreading the attempts across many accounts keeps the number of failures per account low, so account-lockout thresholds are typically not triggered.
Examples of Password Spraying attack
Example 1 - Attackers leveraged password spraying to target Citrix
Citrix learned from the FBI on March 6, 2019, that cybercriminals had gained unauthorized access to Citrix's internal network and downloaded business documents. The FBI advised Citrix that the attackers might have used a tactic known as ‘password spraying’ to gain access to the internal network.
Example 2 - Password spraying campaigns exploit IMAP
Attackers using the password spraying technique are exploiting the Internet Message Access Protocol (IMAP) to break into companies’ cloud accounts.
Proofpoint conducted a six-month study that analyzed over 100,000 unauthorized logins across millions of monitored cloud user accounts and found that almost 60% of Microsoft Office 365 and G Suite users were targeted with IMAP-based password-spraying attacks. Of that 60%, 25% of the targeted users were successfully breached.
The study also revealed that the majority of IMAP-based password spraying attacks originated in China (53%), followed by Brazil (39%) and the US (31%).
How to stay protected?