Who Uses Password-Spraying?
Password-spraying attacks are simple to conduct, and any hacker, regardless of skill level, can take advantage of them. The investigating agency must determine whether any additional mechanisms such as a middle-man attack, inserting of some virus, or spoofing through fabricated senders or people were included as part of the overall attack. These attacks are commonly done by cybercrime syndicates, which are criminal organizations performing cybercrimes.
Some of the most prevalent cybercrime syndicates that utilize password-spray attacks include Iranian-sponsored Peach Sandstorm, aka Holmium and APT33, and Russian-sponsored Midnight Blizzard, aka Nobelium.
What is Password Spraying?
Password Spraying is an attack in which an attacker uses a set of commonly used passwords to access a large number of accounts. The attack is perpetrated in such a way that the attacker evades account lockouts on the attempted user accounts.
In society, traditional cyber criminals try to attack an account by tracking the access point of what they want to hack and try multiple possible passwords to hack into people’s accounts.
The possible passwords can be predicted as follows:
- Trying common names. For example, fluffy, joey, etc
- Tracking down the same passwords on different websites and credentials.
- Guessing the password through social media or in-person insights.
Nowadays, hackers use new techniques such as Password-spraying. We’ll know more about it in the article.