Microsoft Sentinel Now Lets IT Admins Detect Low and Slow Password Spray Attacks
Microsoft has released a new guided hunting notebook for its Microsoft Sentinel solution. The notebook lets organizations use machine learning to detect, investigate, and block low and slow password spray campaigns.
Password spraying is a type of brute force attack that allows malicious actors to gain unauthorized access to computer systems. Instead of trying many passwords against one account, attackers try a dictionary of commonly used passwords against a large number of user accounts within an organization.
Microsoft explains that many businesses now use modern security mechanisms to block traditional password spraying, which is one reason state-sponsored attackers have switched to low and slow techniques that stay below account lockout thresholds. They use open source tools to automate these attacks and free or paid proxy services to avoid detection.
“Low and slow sprays are a variant on traditional password spray attacks that are being increasingly used by sophisticated adversaries such as NOBELIUM, STRONTIUM and HOLMIUM. These adversaries can randomize client fields between each sign in attempt, including IP addresses, user agents and client application,” Microsoft’s threat intelligence team explained.
Microsoft Sentinel uses ML to identify potential password spray attempts
The new Microsoft Sentinel notebook uses data analytics and machine learning techniques to hunt for low and slow password spray attacks. It lets IT admins detect and cluster anomalous fields for each failed sign-in attempt, then analyze the clusters to find the properties that stay invariant across a campaign even when the IP address, user agent and client application are randomized. Finally, Sentinel incidents are created from the results and handed off for further investigation and response.
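To make the clustering and invariant-property idea concrete, here is an added example that is not code from Microsoft's notebook or from the article. It runs a simple hunt over constructed sign-in records whose field names follow the Sentinel SigninLogs schema but whose values are invented: the thresholds, the per-user failure cap used to separate typos from a spray, and the IP-diversity test are all assumptions of this example, not the notebook's ML logic. The spray in the sample rotates IP, user agent and location for every attempt, yet the client application, target app and error code never change, which is exactly the kind of invariant a detection rule can pivot on.

```python
"""Low-and-slow password spray hunt over constructed SigninLogs-style records.

Added example (not Microsoft's notebook code). Field names mirror the Sentinel
SigninLogs table; all values, thresholds and the heuristic itself are assumptions.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Fields an attacker may randomise per attempt or leave constant for a campaign.
# Which of them ends up invariant is computed from the data, not assumed.
CANDIDATE_FIELDS = ["IPAddress", "UserAgent", "ClientAppUsed",
                    "AppDisplayName", "ResultType", "Location"]


def _rec(ts, user, ip, ua, client, app, result, loc):
    """Build one SigninLogs-like record from an ISO timestamp and field values."""
    return {"TimeGenerated": datetime.fromisoformat(ts), "UserPrincipalName": user,
            "IPAddress": ip, "UserAgent": ua, "ClientAppUsed": client,
            "AppDisplayName": app, "ResultType": result, "Location": loc}


# Constructed sample data. ResultType "0" is success; "50126" is the invalid
# username/password error code in Azure AD sign-in logs.
SAMPLE_SIGNINS = [
    # Benign: alice mistypes her password three times from her usual browser, then succeeds.
    _rec("2023-01-20T08:00:00", "alice@example.com", "203.0.113.10", "Mozilla/5.0 Edge", "Browser", "Office 365", "50126", "US"),
    _rec("2023-01-20T08:00:20", "alice@example.com", "203.0.113.10", "Mozilla/5.0 Edge", "Browser", "Office 365", "50126", "US"),
    _rec("2023-01-20T08:00:45", "alice@example.com", "203.0.113.10", "Mozilla/5.0 Edge", "Browser", "Office 365", "50126", "US"),
    _rec("2023-01-20T08:01:10", "alice@example.com", "203.0.113.10", "Mozilla/5.0 Edge", "Browser", "Office 365", "0", "US"),
    # Benign: bob signs in normally.
    _rec("2023-01-20T09:15:00", "bob@example.com", "203.0.113.11", "Mozilla/5.0 Chrome", "Browser", "Office 365", "0", "US"),
]

# Constructed low and slow spray: one failure per user, 45 minutes apart, with a
# different IP, user agent and location each time, but always the same legacy
# protocol, the same target application and the same error code.
_SPRAY_USERS = ["carol", "dave", "erin", "frank", "grace", "heidi", "ivan", "judy"]
_SPRAY_LOCS = ["DE", "NL", "FR", "BR", "IN", "SG", "ZA", "CA"]
for _i, _u in enumerate(_SPRAY_USERS):
    SAMPLE_SIGNINS.append(_rec(
        (datetime(2023, 1, 20, 2, 0) + timedelta(minutes=45 * _i)).isoformat(),
        f"{_u}@example.com", f"198.51.100.{20 + _i}", f"python-requests/2.{20 + _i}",
        "Authenticated SMTP", "Office 365 Exchange Online", "50126", _SPRAY_LOCS[_i]))


def invariant_fields(events, fields=CANDIDATE_FIELDS):
    """Return the fields whose value never changes across a cluster of events.

    Once the attacker randomises IP and user agent, these constant fields are the
    remaining pivot points for a detection rule.
    """
    return {f: events[0][f] for f in fields if len({r[f] for r in events}) == 1}


def hunt_low_and_slow(records, window=timedelta(hours=24), min_users=5,
                      max_failures_per_user=2, min_ip_diversity=0.8):
    """Return one finding per time window that looks like a low and slow spray.

    Heuristic (an assumption of this example): many distinct users each fail only
    a couple of times (staying under lockout), the failures come from mostly
    distinct IPs, and some candidate fields stay invariant across the cluster.
    """
    failures = [r for r in records if r["ResultType"] != "0"]
    if not failures:
        return []
    start = min(r["TimeGenerated"] for r in failures)
    buckets = defaultdict(list)
    for r in failures:
        buckets[(r["TimeGenerated"] - start) // window].append(r)

    findings = []
    for idx, events in sorted(buckets.items()):
        per_user = Counter(r["UserPrincipalName"] for r in events)
        # Users with repeated failures look like typos, not a spray that avoids lockout.
        sprayed = {u for u, n in per_user.items() if n <= max_failures_per_user}
        if len(sprayed) < min_users:
            continue
        cluster = [r for r in events if r["UserPrincipalName"] in sprayed]
        ip_diversity = len({r["IPAddress"] for r in cluster}) / len(cluster)
        if ip_diversity < min_ip_diversity:
            continue
        invariants = invariant_fields(cluster)
        findings.append({
            "window_start": start + idx * window,
            "users": sorted(sprayed),
            "attempts": len(cluster),
            "ip_diversity": round(ip_diversity, 2),
            "invariants": invariants,
            "randomised": [f for f in CANDIDATE_FIELDS if f not in invariants],
        })
    return findings


if __name__ == "__main__":
    for finding in hunt_low_and_slow(SAMPLE_SIGNINS):
        print(f"{finding['window_start']}: {finding['attempts']} attempts against "
              f"{len(finding['users'])} users, IP diversity {finding['ip_diversity']}")
        print("  invariant:", finding["invariants"])
        print("  randomised:", finding["randomised"])
```

On the sample data the hunt excludes alice (three failures from one IP) and reports a single cluster of eight users whose only invariant properties are the legacy SMTP client, the Exchange Online target and the 50126 error code; those three fields are what a follow-up analytics rule or conditional access policy would key on.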
To get started, Microsoft Sentinel customers can access and run the guided hunting notebook by heading to the “Templates” tab in the Notebooks blade. Once a password spray campaign is detected, IT admins will need to follow the process detailed on this support page to mitigate risks and protect sensitive information in enterprise networks.