Microsoft Sentinel Now Lets IT Admins Detect Low and Slow Password Spray Attacks
Microsoft has released a new guided hunting notebook for Microsoft Sentinel. The notebook lets organizations use machine learning to detect, investigate and block low and slow password spray campaigns.
Password spraying is a type of brute force attack in which malicious actors try a short dictionary of commonly used passwords against a large number of user accounts within an organization in order to gain unauthorized access to computer systems.
Microsoft explains that many businesses now use modern security mechanisms that block traditional password spraying, which is one reason state-sponsored attackers have switched to low and slow techniques that avoid triggering account lockouts. They use open source tools to automate these attacks and free or paid proxy services to avoid detection.
“Low and slow sprays are a variant on traditional password spray attacks that are being increasingly used by sophisticated adversaries such as NOBELIUM, STRONTIUM and HOLMIUM. These adversaries can randomize client fields between each sign in attempt, including IP addresses, user agents and client application,” Microsoft’s threat intelligence team explained.
Microsoft Sentinel uses ML to identify potential password spray attempts
The new Microsoft Sentinel notebook uses data analytics and machine learning techniques to hunt for low and slow password spray attacks. It lets IT admins detect and cluster the anomalous fields of each failed sign-in attempt and analyze them to find invariant properties, the fields an attacker's tooling leaves unchanged even while it rotates the others. Finally, Sentinel incidents are created from the results and handed off for further investigation and response.
To get started, Microsoft Sentinel customers can access and run the guided hunting notebook by heading to the “Templates” tab in the Notebooks blade. Once a password spray campaign is detected, IT admins will need to follow the process detailed on this support page to mitigate risks and protect sensitive information in enterprise networks.
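The core idea the notebook relies on, many accounts each failing a few times from rotating sources while some client fields stay invariant, can be illustrated with a small stand-alone detector. The following is an added example, not Microsoft's notebook or Sentinel code: the log format, field names, thresholds and the sample sign-in records are all constructed for the illustration, and a real deployment would run the same logic over Azure AD sign-in data with tuned thresholds.

```python
"""Toy low-and-slow password spray detector over failed sign-in records.

Added example (not Microsoft's Sentinel notebook). The CSV-like record
layout, the field names and the thresholds are assumptions made for this
illustration; adjust them to the real sign-in schema and baseline.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

FIELDS = ("time", "user", "ip", "user_agent", "client_app", "result")
EPOCH = datetime(1970, 1, 1)

# Constructed sample: nine accounts each fail once inside one six-hour window,
# every attempt from a different IP and user agent, but all through the same
# (hypothetical) client application. "dave" is a real user mistyping a password
# four times from one IP; "erin" is a single unrelated failure hours later.
SAMPLE_LOG = """\
2022-09-28T00:12:41Z,alice@example.com,203.0.113.10,Mozilla/5.0 (Windows NT 10.0) Chrome/105,legacy-client,InvalidPassword
2022-09-28T00:58:03Z,bob@example.com,198.51.100.23,Mozilla/5.0 (Macintosh) Safari/605,legacy-client,InvalidPassword
2022-09-28T01:37:19Z,carol@example.com,203.0.113.77,Mozilla/5.0 (X11; Linux) Firefox/104,legacy-client,InvalidPassword
2022-09-28T02:10:05Z,dave@example.com,192.0.2.5,Mozilla/5.0 (Windows NT 10.0) Chrome/105,browser,InvalidPassword
2022-09-28T02:10:31Z,dave@example.com,192.0.2.5,Mozilla/5.0 (Windows NT 10.0) Chrome/105,browser,InvalidPassword
2022-09-28T02:11:02Z,dave@example.com,192.0.2.5,Mozilla/5.0 (Windows NT 10.0) Chrome/105,browser,InvalidPassword
2022-09-28T02:13:48Z,dave@example.com,192.0.2.5,Mozilla/5.0 (Windows NT 10.0) Chrome/105,browser,InvalidPassword
2022-09-28T02:20:55Z,frank@example.com,198.51.100.140,Mozilla/5.0 (iPhone) Safari/604,legacy-client,InvalidPassword
2022-09-28T03:04:32Z,grace@example.com,203.0.113.201,Mozilla/5.0 (Android 12) Chrome/104,legacy-client,InvalidPassword
2022-09-28T03:49:10Z,heidi@example.com,198.51.100.66,Mozilla/5.0 (Windows NT 6.1) Edge/105,legacy-client,InvalidPassword
2022-09-28T04:31:47Z,ivan@example.com,203.0.113.5,Mozilla/5.0 (Linux; Ubuntu) Firefox/103,legacy-client,InvalidPassword
2022-09-28T05:15:28Z,judy@example.com,198.51.100.9,Mozilla/5.0 (Windows NT 10.0) Firefox/105,legacy-client,InvalidPassword
2022-09-28T05:52:06Z,mallory@example.com,203.0.113.88,Mozilla/5.0 (Macintosh) Chrome/105,legacy-client,InvalidPassword
2022-09-28T14:02:09Z,erin@example.com,192.0.2.40,Mozilla/5.0 (Macintosh) Safari/605,browser,InvalidPassword
"""


def parse_log(text):
    """Parse the constructed comma-separated records into dicts with a datetime."""
    records = []
    for line in text.strip().splitlines():
        rec = dict(zip(FIELDS, line.split(",")))
        rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ")
        records.append(rec)
    return records


def invariant_fields(records, fields=("user_agent", "client_app", "result")):
    """Return {field: value} for every field that holds one value across all records."""
    invariants = {}
    for field in fields:
        values = {r[field] for r in records}
        if len(values) == 1:
            invariants[field] = values.pop()
    return invariants


def detect_low_and_slow(records, window=timedelta(hours=6), min_users=6,
                        max_fails_per_user=2, max_attempts_per_ip=2):
    """Flag windows where many accounts each fail a few times from many sources.

    Attempts by a user or from an IP that fails often are dropped first: those
    are either ordinary typos or a noisy spray that other rules already catch.
    """
    buckets = defaultdict(list)
    for r in records:
        buckets[(r["time"] - EPOCH) // window].append(r)

    incidents = []
    for key, recs in sorted(buckets.items()):
        per_user = Counter(r["user"] for r in recs)
        per_ip = Counter(r["ip"] for r in recs)
        slow = [r for r in recs
                if per_user[r["user"]] <= max_fails_per_user
                and per_ip[r["ip"]] <= max_attempts_per_ip]
        users = sorted({r["user"] for r in slow})
        if len(users) < min_users:
            continue
        incidents.append({
            "window_start": EPOCH + key * window,
            "targeted_users": users,
            "distinct_ips": len({r["ip"] for r in slow}),
            "distinct_user_agents": len({r["user_agent"] for r in slow}),
            "invariants": invariant_fields(slow),   # what the tooling did not rotate
        })
    return incidents


if __name__ == "__main__":
    for incident in detect_low_and_slow(parse_log(SAMPLE_LOG)):
        print(incident)
```

Running the block reports one incident for the 00:00 to 06:00 window listing the nine targeted accounts, nine distinct IPs and user agents, and the two invariant fields (the client application and the error code) that a responder would pivot on; the mistyping user and the lone later failure are not included.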