What is the Password Spray?

When thinking about hacking passwords, you can imagine a hacker trying hundreds of passwords on an account. Although this is still happening, it is not always the case. Sometimes a hacker will implement password spray method instead.

Join TipsMake.com to find out what password spray is and what you can do to protect yourself through the following article!

What is password spray?

If a normal hack involves trying many different passwords on several accounts, password spray does the opposite. It happens when a hacker has access to many different account names and tries to invade them by using only a few passwords.

Hackers will not be able to perform normal hacking methods, if the security for the account is tightened. A security system will recognize that someone is constantly trying to access the account and will lock that account to protect the privacy of the object involved. You may have experienced this yourself when entering your password into an incorrect service too many times. Then the account will be locked.

If hackers use only a small number of passwords for each attack, what password are they using? The best option for hackers is to use some of the most commonly used passwords on the Internet. That way, they maximize the chance of successful account penetration.

Is the password you are using too weak?

What is the Password Spray? Picture 1

Of course, this attack depends entirely on someone using the password too commonly on their account. However, in this day and age, is it possible for someone to use one of these passwords?

Unfortunately, everyone's password habits have not improved much over the years. NCSC has conducted research on several organizations to test 'sensitivity' to a password spray attack. The study found that 75% of organizations have at least one account using the top 1000 passwords and 87% have at least one top 10,000 account password. .

This is a security hole that users of password spray techniques aim to exploit. Just a certain user in an organization that uses weak passwords has the opportunity to attack a password spray that takes place. When hackers infiltrate that account, they can use this lever to go deeper into the system.

Who is at risk of attacking password spray?

What is the Password Spray? Picture 2

Often, hackers use these attacks to target large businesses and organizations. They also use password spray against users in a database leak, where hackers have a large number of account names but do not have a password.

Any situation where hackers hold countless accounts in their hands, but only a limited way to attack each person, that is, password spray becomes the preferred method of attack.

If hackers get information about an account on the site, but the site only allows 5 password attempts before the account is locked, the hacker will use the 5 most used passwords in the hope of the account. that will use them.

Has password spray happened in practice?

In the ideal world, everyone in an organization will use strong passwords to avoid attackers using password spray techniques. Unfortunately, in the past, hackers had succeeded with this strategy, so that Redmond Mag had to report how password password was growing rapidly in 2018.

Many attacks focus on businesses, to steal valuable business documents for profit. Organizations may also have their own username structure to help hackers easily collect lists and perform attacks.

Threatpost reported on Citrix software virtualization businesses being attacked by password spray, after one of the company's accounts was compromised. Hackers quickly steal valuable business documents, through the discovery rights in the accounts they access.

The frightening part of this attack is that it happens very quietly. Citrix didn't know the attack even happened until the FBI informed them.

How to fight password spray?

What is the Password Spray? Picture 3

The solution to this attack is very simple. Please use stronger passwords! Password spray is entirely dependent on whether you use the password in the list of 100 most used passwords.

By making your password more complex, you've taken yourself out of the password group that attackers password spray will use against you. If your password is one of the weakest passwords, remember to change it immediately!

If you want to dig a little deeper, Password Random has a list of 10,000 most used passwords. Refer to:

 https://www.passwordrandom.com/most-popular-passwords 

What makes a strong password?

Now, you know what makes a weak password, so what makes a strong password?

The problem with passwords is that the more complex they are, the stronger they are. But the more complex it is, the harder it is to remember.

The reason people use passwords like 'password' or '12345' is because they are easy to remember and enter. There are no capital letters or special symbols in it. But it is capital letters or special symbols that are what you need to defeat a password attack attacker.

Thankfully, there are many ways to create a password that is both powerful and easy to remember. Refer to the article: Summary of how to create strong passwords and manage the most secure passwords for more details.

Spray passwords are a concern for users and businesses that do not use strong passwords. Sometimes, just a weak password account is possible for hackers to use leverage to inflict additional damage in the system. Thankfully, by consolidating the password and using 2FA (two-factor authentication), you can protect yourself.

Unfortunately, password spray is not the only tactic that hackers use. Refer to some related articles for more details:

1. What is Social Engineering? How to prevent Social Engineering?
2. What is a keylogger?
3. How Phishing works
4. Learn about Brute Force attack