Frame-14

Privacy Ninja

        • DATA PROTECTION

        • Email Spoofing Prevention
        • Check if your organization email is vulnerable to hackers and put a stop to it. Receive your free test today!
        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • AntiHACK Phone
        • Boost your smartphone’s security with enterprise-level encryption, designed by digital forensics and counterintelligence experts, guaranteeing absolute privacy for you and up to 31 others, plus a guest user, through exclusive access.

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$3,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Secure your digital frontiers with our API penetration testing service, meticulously designed to identify and fortify vulnerabilities, ensuring robust protection against cyber threats.

        • Network Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Mobile Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Web Penetration Testing
        • Fortify your web presence with our specialized web penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats.

        • RAPID DIGITALISATION

        • OTHERS

Microsoft Upgrades Password Spray Attack Detection Capabilities

Microsoft Upgrades Password Spray Attack Detection Capabilities

Microsoft has improved password spray detection in Azure Active Directory (Azure AD) by doubling the number of compromised accounts it detects using a new machine learning (ML) system.

“This new machine learning detection yields a 100 percent increase in recall, meaning it detects twice the number of compromised accounts of the previous algorithm,” said Alex Weinert, Director of Identity Security at Microsoft.

“It does this while maintaining the previous algorithm’s amazing 98 percent precision—meaning if this algorithm says an account fell to password spray, it’s almost certain that it did.”

Machine learning used to boost detection efficiency

Microsoft built a heuristic engine focused on detecting password spray attack, which helped the company to spot and alert tenants of hundreds of thousands of attacks each month (350,000 in April 2018).

This detection engine provides Azure AD customers with access to the Identity Protection feature (via an Azure AD Premium P2 license) notifications when a passwords spray attack is detected.

Also Read: Basic Info On How Long To Keep Accounting Records In Singapore?

Now, the company has improved the credential compromise detection engine for Azure AD Identity Protection customers with a new machine learning system that uses known attack patterns and additional data to boost attack detection efficiency.

The data used by the new ML mode used to boost credential compromise detection capabilities includes but it’s not limited to various account behavior deviation signals such as unfamiliar sign-in properties and IP reputation.

Password spray detection

“This new password spray detection is a great example of how we use intelligence gained across Microsoft’s identity systems to continuously expand and improve our protections—which you can use to automate processes in Azure AD Conditional Access, in Azure Sentinel, or through the APIs for anything you can imagine,” Weinert added.

Built-in Azure AD password spray protection

Threat actors launch password spray attacks via large botnets to trying to brute-force the accounts of one or more organizations by matching the usernames with a shortlist of common (usually weak) passwords, allowing them to hide failed attempts using different IP addresses.

This also enables them to defeat automated defenses designed to block multiple failed login attempts such as malicious IP blocking and password lockout.

Azure AD Password Protection was launched in April 2019 (in public preview since September 2019) to reduce the risks behind password spray attacks by blocking users from choosing easy to guess passwords, drastically reducing the success rate of such attacks to about 1% says Weinert.

“Each color tracks a different password hash for login attempts with incorrect passwords in Azure Active Directory (Azure AD). Looking across millions of tenants, we can see the pattern of a password spray attack,” Weinert explained.

Also Read: Deemed Consent PDPA: How Do Businesses Comply?

Password spray attack (Microsoft)

“Normally the graph would be flat and evenly dispersed as you see on the left side. The huge elevation of a single hash failing across many accounts indicates a single password being attempted against hundreds of thousands of usernames from many tenants—a password spray attack in progress.”

To get started with Azure AD Password Protection, you have to sign into Azure Portal as a global administrator, navigate to Azure Active Directory > Authentication methods, where you can manage Password protection.

Customers with access to Azure AD Identity Protection can access the new risk detection reports in the portal and using the APIs for Identity Protection.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us