How Does a Password-Spraying Attack Happen?
The attacker may purchase compromised usernames from a prior breach or data leak, or compile a list using standard default username formats. For instance, an attacker might extract usernames from a list of workers in a corporate directory or on a LinkedIn page, or look up the usernames of particular employees and target them.
After obtaining lists of usernames and passwords, the attacker tries one password against every username, then repeats the procedure with the next password. By attempting one password at a time, the attacker evades the account lockout policies that are triggered by too many login attempts.
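The pattern described above leaves a recognizable shape in authentication logs: one source fails against many accounts while each account stays under the lockout limit. The Python below is an added example for defenders, not part of the original article; the log format, the thresholds, the function names and the sample lines are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumed format): time, source IP, username, outcome.
SAMPLE_LOG = """\
2024-05-01T09:00:01 203.0.113.7 alice FAIL
2024-05-01T09:00:03 203.0.113.7 bob FAIL
2024-05-01T09:00:05 203.0.113.7 carol FAIL
2024-05-01T09:00:08 203.0.113.7 dave FAIL
2024-05-01T09:00:11 203.0.113.7 erin FAIL
2024-05-01T09:00:20 198.51.100.9 frank FAIL
2024-05-01T09:00:22 198.51.100.9 frank FAIL
2024-05-01T09:00:25 198.51.100.9 frank FAIL
2024-05-01T09:01:00 192.0.2.15 grace FAIL
2024-05-01T09:01:10 192.0.2.15 grace OK
"""

def parse(log_text):
    # Yield (time, source, user) for each well-formed failed-login line.
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] == "FAIL":
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]

def classify_sources(log_text, window=timedelta(minutes=30),
                     min_users=5, lockout_threshold=3):
    """Label each source by the shape of its failed logins inside one window."""
    by_source = defaultdict(list)
    for when, source, user in parse(log_text):
        by_source[source].append((when, user))
    verdicts = {}
    for source, events in by_source.items():
        events.sort()
        verdict = "normal"
        for i, (start, _) in enumerate(events):
            per_user = defaultdict(int)
            for when, user in events[i:]:
                if when - start > window:
                    break
                per_user[user] += 1
            # Spray: many accounts, every one kept below the lockout limit.
            if len(per_user) >= min_users and max(per_user.values()) < lockout_threshold:
                verdict = "spray"
                break
            # Brute force: a single account pushed to the lockout limit.
            if max(per_user.values()) >= lockout_threshold:
                verdict = "brute_force"
        verdicts[source] = verdict
    return verdicts
```

Calling `classify_sources(SAMPLE_LOG)` labels the first source as a spray even though no single account ever reaches the lockout threshold, which is why per-account lockout counters alone do not surface this attack.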
What is Password Spraying?
Password spraying is an attack in which an attacker uses a set of commonly used passwords to try to access a large number of accounts. The attack is carried out in such a way that the attacker evades account lockouts on the targeted user accounts.
Traditionally, cyber criminals attack an account by identifying the access point of what they want to hack and then trying multiple possible passwords to get into people’s accounts.
The possible passwords can be guessed as follows:
- Trying common names, for example fluffy, joey, etc.
- Tracking down the same passwords reused across different websites and credentials.
- Guessing the password through social media or in-person insights.
Nowadays, hackers use newer techniques such as password spraying. We’ll learn more about it in this article.