EXECUTIVE SUMMARY:

Spraying graffiti might have once had a cool side to it, but there’s no cool side to the cyber security attack vector known as password spraying. With this technique, threat actors test a small series of common passwords against a large volume of usernames, and then take advantage of any accounts that they can wrangle their way into.

In February of 2018, nine individuals were indicted on account of password spraying, leading the FBI to release a memo about the practice. In 2019, the issue has risen to prominence again, beginning with the network attack on the Australian Parliament last month. The group behind the Australian attack, among other attacks, is believed to be Iridium, an Iranian cyber espionage unit.

As an increasing number of organizations get hit with this cyber threat tactic; “It’s another sign that, as an industry, we must focus on addressing the root cause of most data breaches- the inherent weakness of the password as our central means of enterprise authentication,” states an industry executive.

The U.K’s National Cyber Security Centre (NCSC) recently conducted a survey that asked organizations to review their level of vulnerability to a password spraying event. The survey concluded that 75% of organizations utilized passwords that were within the top 1,000 routinely used, easily hacked passwords.

To insure that your password is still going strong, test it through the site How Secure Is My Password, which provides instant evaluations.

When it comes to insuring that your business can successfully stand up to cyber threats, password managers, closing the loop on backdoor areas, two-factor authentication on externally reachable end-points, and biometric passwords are all worthy options for enhancing your security.

Learn more at the U.K’s National Cyber Security Centre.