Some Examples of Password Spraying
While specific victims of password spraying attacks may not always be publicly disclosed due to confidentiality concerns, several high-profile incidents have been reported in recent years. Here are a few examples:
1. City of London: In 2019, the City of London Corporation, responsible for governing the financial district, experienced a password spraying attack targeting its email systems. The attack aimed to gain unauthorized access to email accounts and sensitive information.
2. Microsoft Office 365 Users: Numerous organizations and individuals using Microsoft Office 365 have fallen victim to password spraying attacks. These attacks often target email accounts, cloud storage, and other Office 365 services to steal sensitive information or launch further attacks.
3. Healthcare Organizations: Multiple healthcare organizations, including hospitals, clinics, and medical research institutions, have been targeted by password-spraying attacks. These attacks aim to compromise patient records, medical data, and other sensitive information stored within healthcare systems.
4. Financial Services Firms: Banks, insurance companies, and other financial institutions have been victims of password-spraying attacks, with attackers attempting to gain unauthorized access to customer accounts, financial data, and sensitive internal systems.
5. Educational Institutions: Schools, colleges, and universities have faced password spraying attacks targeting student and faculty accounts, educational resources, and administrative systems. These attacks can disrupt online learning platforms, compromise research data, and expose sensitive information.
What is Password Spraying?
Password Spraying is an attack in which an attacker uses a set of commonly used passwords to access a large number of accounts. The attack is perpetrated in such a way that the attacker evades account lockouts on the attempted user accounts.
In society, traditional cyber criminals try to attack an account by tracking the access point of what they want to hack and try multiple possible passwords to hack into people’s accounts.
The possible passwords can be predicted as follows:
- Trying common names. For example, fluffy, joey, etc
- Tracking down the same passwords on different websites and credentials.
- Guessing the password through social media or in-person insights.
Nowadays, hackers use new techniques such as Password-spraying. We’ll know more about it in the article.