Password Spraying is a technique that attackers leverage to guess the password of an account. By trying a small number of highly common passwords against large numbers of accounts while also staying below an organization’s defined lockout threshold, the attacker can compromise accounts without any elevated privileges and likely without detection.
Stealthbits’ products provide a multitude of ways to detect and mitigate Password Spraying.
Detect Password Spraying Attack
Detection of Password Spraying is possible by looking for patterns that indicate password guessing is taking place across numerous accounts.
APPROACH #1
Bad User ID Attacks
DESCRIPTION
Monitor for attempts to authenticate using non-existent user accounts. Many times, password spraying tools will attempt to guess account names rather than attacking a list of known accounts.
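As an added illustration (not Stealthbits' code), the detection logic below scores Windows logon-failure events (event ID 4625) per source address for the two shapes described above: a spray shape, meaning many distinct accounts each failing only a few times inside a short window, and the bad-user-ID shape, meaning failures whose sub-status 0xC0000064 reports that the account does not exist. The event records are constructed sample data and the thresholds are assumptions to be tuned against the organization's lockout policy.

```python
from collections import defaultdict

# Sub-status codes carried by Windows Security event 4625 (logon failure).
USER_NOT_FOUND = "0xC0000064"   # user name does not exist
WRONG_PASSWORD = "0xC000006A"   # known user, bad password

# Constructed sample events (not real telemetry): 10.0.0.5 tries one guess
# against 5 accounts, 3 of which do not exist; 10.0.0.9 is one user mistyping.
SAMPLE_EVENTS = [
    {"ts": 100, "event_id": 4625, "user": "alice",  "src": "10.0.0.5", "sub": WRONG_PASSWORD},
    {"ts": 101, "event_id": 4625, "user": "bob",    "src": "10.0.0.5", "sub": WRONG_PASSWORD},
    {"ts": 102, "event_id": 4625, "user": "jsmith", "src": "10.0.0.5", "sub": USER_NOT_FOUND},
    {"ts": 103, "event_id": 4625, "user": "admin",  "src": "10.0.0.5", "sub": USER_NOT_FOUND},
    {"ts": 104, "event_id": 4625, "user": "test",   "src": "10.0.0.5", "sub": USER_NOT_FOUND},
    {"ts": 105, "event_id": 4625, "user": "carol",  "src": "10.0.0.9", "sub": WRONG_PASSWORD},
    {"ts": 106, "event_id": 4625, "user": "carol",  "src": "10.0.0.9", "sub": WRONG_PASSWORD},
    {"ts": 107, "event_id": 4625, "user": "carol",  "src": "10.0.0.9", "sub": WRONG_PASSWORD},
]

def detect_spray(events, window=300, min_accounts=5, max_per_account=2, min_unknown=3):
    """One alert per source whose 4625 failures inside `window` seconds either
    touch >= min_accounts distinct accounts with no account failing more than
    max_per_account times (spray shape, stays under lockout), or name
    >= min_unknown non-existent accounts (bad-user-ID shape)."""
    by_src = defaultdict(list)
    for e in events:
        if e["event_id"] == 4625:
            by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:   # slide the window
                start += 1
            win = evs[start:end + 1]
            per_account = defaultdict(int)
            for e in win:
                per_account[e["user"]] += 1
            unknown = sum(1 for e in win if e["sub"] == USER_NOT_FOUND)
            spray = len(per_account) >= min_accounts and max(per_account.values()) <= max_per_account
            bad_ids = unknown >= min_unknown
            if spray or bad_ids:
                reasons = [r for r, hit in (("spray", spray), ("bad_user_id", bad_ids)) if hit]
                alerts.append({"src": src, "accounts": len(per_account),
                               "unknown_accounts": unknown, "reasons": reasons})
                break   # one alert per source is enough
    return alerts
```

Running `detect_spray(SAMPLE_EVENTS)` flags only 10.0.0.5, for both reasons, while the three repeated failures for carol from 10.0.0.9 stay quiet because they touch a single known account.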
Mitigate Password Spraying Attack
Mitigation of password spraying is possible by enforcing strong password standards and reducing password sharing across accounts.
APPROACH #1
Enforce Strong Passwords
DESCRIPTION
The best way to mitigate password spraying is to enforce long, complex and regularly changing passwords, including for service accounts. Also, reduce sharing of passwords across accounts and avoid using easily guessed passwords that may appear in hacker dictionaries.