A.P. C.I.D., Cyber Crimes: Alert on Password Spraying Attack

MODUS OPERANDI:

  • Using social engineering tactics, attackers perform online research (i.e., Google) to identify target organizations and specific user accounts for the initial password spray.
  • Using easy-to-guess passwords (e.g. “welcome123”, “company@123”) and publicly available tools, they execute a password spray attack against the targeted accounts by utilizing the identified SSO or web-based application and federated authentication method.
  • Leveraging the initial group of compromised accounts, they download the Global Address List (GAL) from a target's email client and perform a larger password spray against legitimate accounts.
  • Using the compromised access, they attempt to expand laterally (e.g. via Remote Desktop Protocol) within the network and perform mass data exfiltration using File Transfer Protocol tools.

CAUTION FOR PUBLIC:

  • Use multifactor authentication to reduce the impact of password compromise.
  • Update network infrastructure devices, and devices being used to connect remotely to work environments, with the latest software patches and configurations.
  • Protect the management interfaces of critical operational systems, especially by using a browse-down architecture to prevent attackers from easily gaining privileged access to the most vital assets.
  • Set up a security monitoring capability to collect the data needed to analyse network intrusions.
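
As an illustration of the monitoring point above, the following added example (not part of the original alert) flags the sign-in pattern described under MODUS OPERANDI: one source failing against many different accounts with only a few tries on each. The log format, the thresholds and the function names are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: "timestamp source-IP account result".
# The format and every value below are made up for this example.
SAMPLE_LOG = """\
2024-01-10T09:00:05 203.0.113.7 alice FAIL
2024-01-10T09:00:41 203.0.113.7 bob FAIL
2024-01-10T09:01:13 203.0.113.7 carol FAIL
2024-01-10T09:01:50 203.0.113.7 dave FAIL
2024-01-10T09:02:22 203.0.113.7 erin OK
2024-01-10T09:03:00 198.51.100.4 frank FAIL
2024-01-10T09:03:05 198.51.100.4 frank FAIL
2024-01-10T09:03:09 198.51.100.4 frank FAIL
2024-01-10T09:03:15 198.51.100.4 frank FAIL
2024-01-10T09:03:30 198.51.100.4 frank OK
"""

def parse(log):
    """Yield (time, source, account, ok) tuples from the constructed format."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing
        ts, src, acct, result = parts
        yield datetime.fromisoformat(ts), src, acct.lower(), result == "OK"

def detect_spray(events, window=timedelta(minutes=30), min_accounts=4, max_tries=2):
    """Return {source: {"targeted": [...], "compromised": [...]}} for spray-like sources."""
    by_src = defaultdict(list)
    for ev in sorted(events):
        by_src[ev[1]].append(ev)
    alerts = {}
    for src, evs in by_src.items():
        for start, *_ in evs:  # slide the window over each event of this source
            in_win = [e for e in evs if start <= e[0] < start + window]
            fails = defaultdict(int)
            for _, _, acct, ok in in_win:
                if not ok:
                    fails[acct] += 1
            # Spray = many accounts, few tries each (unlike one-account guessing).
            sprayed = sorted(a for a, n in fails.items() if n <= max_tries)
            if len(sprayed) >= min_accounts:
                hits = sorted({e[2] for e in in_win if e[3]})
                alerts[src] = {"targeted": sprayed, "compromised": hits}
                break
    return alerts

if __name__ == "__main__":
    print(detect_spray(parse(SAMPLE_LOG)))
```

Accounts listed under "compromised" signed in successfully from the flagged source inside the same window, so they are the first candidates for a password reset and session review.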
