Why Is Microsoft Warning Users About Password Spraying?
As modern warfare has evolved, so too has cyberwarfare. There is always a war occurring in cyberspace, where hackers attempt to outdo security researchers. One such example of hackers—often sponsored by government agencies—attempting to engage in cyberwarfare can be seen in the United States and Israeli technology sectors, which have become the target of password spraying.
What is Password Spraying?
Password spraying involves hacking into multiple accounts by spamming commonly used passwords. Think of passwords that include birthdays, names, or even the word “password,” itself. A good password strategy will require users to create passwords that meet a high standard of difficulty to guess, including special characters or needing to be a certain length for example. But, considering how frequently people still use common passwords, as well as variations of those passwords, one can imagine how effective this tactic can be!
In the scenario outlined above, Microsoft has issued a warning that about 250 Microsoft Office 365 customers in the defense technology sectors have been targeted by password spraying tactics. Microsoft calls this group DEV-343, with the DEV in the name representing the fact that the attacks are, at this time, not sponsored by state actors. This group is thought to originate from Iran.
Less than 20 of the targets were actually compromised, but it’s still shocking to see high-profile targets o