Search the Petri IT Knowledgebase
search icon

close

Icon for On-demand Conference

On-demand Conference

Virtual Desktop Infrastructure 1-Day Virtual Conference

Icon for New E-Book

New E-Book

Microsoft Teams Backup

Icon for Latest Whitepaper

Latest Whitepaper

7 Critical Reasons for Microsoft 365 Backup

Icon for New E-Book

New E-Book

4 Strategies for Cloud Storage Optimization

Home

Microsoft Sentinel

Security

Microsoft Sentinel Now Lets IT Admins Detect Low and Slow Password Spray Attacks

Rabia Noureen

 |

Aug 15, 2022

Security

Microsoft has released a new guided hunting notebook for its Microsoft Sentinel solution. The notebook enables organizations to leverage machine learning to detect, investigate as well as block low and slow password spray campaigns.

Password spraying is a type of brute force attack that allows malicious actors to gain unauthorized access to computer systems. Hackers use a dictionary of commonly used passwords to log in to a large number of user accounts within an organization.

Microsoft explains that many businesses use modern security mechanisms to block traditional password spraying attacks. It is one of the reasons that state-sponsored attacks have switched to low and slow techniques to prevent account lockouts. They use open source tools to automate these attacks and free or paid proxy services to avoid detection.

“Low and slow sprays are a variant on traditional password spray attacks that are being increasingly used by sophisticated adversaries such as NOBELIUM, STRONTIUM and HOLMIUM. These adversaries can randomize client fields between each sign in attempt, including IP addresses, user agents and client application,” Microsoft’s threat intelligence team explained.

Microsoft Sentinel uses ML to identify potential password spray attempts

The new Microsoft Sentinel notebook uses data analytics and machine learning techniques to hunt low and slow password spray attacks. It lets IT admins detect and cluster anomalous fields for each failed sign-in attempt and analyze them to find invariant properties. Lastly, Sentinel incidents are created based on the results and sent for further investigation and response.

To get started, Microsoft Sentinel customers can access and run the guided hunting notebook by heading to the “Templates” tab in the Notebooks blade. Once a password spray campaign is detected, IT admins will need to follow the process detailed on this support page to mitigate risks and protect sensitive information in enterprise networks.

More from Rabia Noureen

Teams hero approved 2

Microsoft Teams Added Native Apple Silicon Support and More in August and September

M365 Changelog: (Updated) Schedule Send for Teams Chat
Datacenter networking servers

Microsoft Warns About New Zero-Day Vulnerabilities in Exchange Server

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

More in Security

Security

Petri Dish: Cybersecurity vs IT Security with Devolutions

Sep 28, 2022 | Russell Smith

Security

Stop MFA Fatigue with Additional Context and Number Matching for Microsoft Authenticator

Sep 22, 2022 | Rabia Noureen

Researchers Warn About New Shikitega Malware Targeting Linux Endpoints and IoT Devices

Sep 12, 2022 | Rabia Noureen

Security

LastPass Confirms Internal Source Code Compromised in Security Breach

Aug 26, 2022 | Rabia Noureen

Security

Avast Gets New Ransomware Shield to Protect Small Businesses

Aug 24, 2022 | Rabia Noureen

Mandiant Warns Hackers Now Use New Trick to Bypass MFA

Aug 22, 2022 | Rabia Noureen

Most popular on petri

Article saved!

Access saved content from your profile page. View Saved

Reach out

Learn More

Sitemap

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use