Details
The attackers obtain the identity data of the attacked user in advance, either through Password Spraying or in another way. Password Spraying is an attack method in which the attacker tries to identify himself using a single password or a small number of passwords, for all the usernames he can find or guess.
ways of handling
- The best defense method against password spraying, and other attacks that involve guessing or pre-obtaining a password, is to use strong authentication (MFA).
- It is highly recommended to use strong authentication (MFA) for all Office 365 accounts you have, and also for private email accounts, as much as possible.
- It is highly recommended to use identification solutions such as Authenticator, based on a numerical password that changes automatically every 30 seconds.
- There are additional recommendations regarding traffic blocking of various types. For details, see the first link below in the “Sources” section.
- Links 2 to 6 detail general ways of dealing with attacks on Microsoft’s cloud infrastructures.
- Link 7 details what a Password Spraying attack is.
sources
https://www.microsoft.com/security/blog/2021/10/11/iran-linked-dev-0343-targeting-defense-gis-and-maritime-sectors/
https://us-cert.cisa.gov/ncas/alerts/aa21-008a
https://us-cert.cisa.gov/ncas/current-activity/2020/12/24/cisa-releases-free-detection-tool-azurem365-environment
https://github.com/cisagov/Sparrow
https://us-cert.cisa.gov/ncas/alerts/aa20-120a
https://us-cert.cisa.gov/ncas/analysis-reports/AR19-133A
https://attack.mitre.org/techniques/T1110/003/
Sharing information with the national CERT does not replace the obligation to report to any governing body, insofar as such an obligation applies to the body.
The information is provided as it is (as is), its use is the responsibility of the user and it is recommended to use a professional with appropriate training for its implementation.