2023 Global Report: Ransomware Trends

Ransomware is a problem that everyone has but no one wants to talk about publicly. These are lessons learned from 1,200 victims.
7 Best Practices for Ransomware Recovery

Ransomware is the worst kind of disaster. That’s why reading this white paper on the seven best practices for ransomware is so critical to your organization.

Microsoft Sentinel Now Lets IT Admins Detect Low and Slow Password Spray Attacks

Microsoft has released a new guided hunting notebook for its Microsoft Sentinel solution. The notebook enables organizations to leverage machine learning to detect, investigate as well as block low and slow password spray campaigns.

Password spraying is a type of brute force attack that allows malicious actors to gain unauthorized access to computer systems. Hackers use a dictionary of commonly used passwords to log in to a large number of user accounts within an organization.

Microsoft explains that many businesses use modern security mechanisms to block traditional password spraying attacks. It is one of the reasons that state-sponsored attacks have switched to low and slow techniques to prevent account lockouts. They use open source tools to automate these attacks and free or paid proxy services to avoid detection.

“Low and slow sprays are a variant on traditional password spray attacks that are being increasingly used by sophisticated adversaries such as NOBELIUM, STRONTIUM and HOLMIUM. These adversaries can randomize client fields between each sign in attempt, including IP addresses, user agents and client application,” Microsoft’s threat intelligence team explained.

Microsoft Sentinel uses ML to identify potential password spray attempts

The new Microsoft Sentinel notebook uses data analytics and machine learning techniques to hunt low and slow password spray attacks. It lets IT admins detect and cluster anomalous fields for each failed sign-in attempt and analyze them to find invariant properties. Lastly, Sentinel incidents are created based on the results and sent for further investigation and response.

To get started, Microsoft Sentinel customers can access and run the guided hunting notebook by heading to the “Templates” tab in the Notebooks blade. Once a password spray campaign is detected, IT admins will need to follow the process detailed on this support page to mitigate risks and protect sensitive information in enterprise networks.

by Rabia Noureen
Last Update: Feb 02, 2023
Aug 15, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

How to Create Conditional Access Policies using PowerShell

Jan 4, 2023
Five Tactics Towards Achieving Zero Trust with Azure Active Directory

Aug 29, 2023
The Dirty Truth About IT Offboarding Automation

Jul 21, 2023
Aug 25, 2023

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.

2023 Global Report: Ransomware Trends

7 Best Practices for Ransomware Recovery

Microsoft Sentinel Now Lets IT Admins Detect Low and Slow Password Spray Attacks

Microsoft Sentinel uses ML to identify potential password spray attempts