A.P C.I.D, Cyber Crimes Alert on Password Spraying Attack
Using social engineering tactics, attackers perform online research (i.e. Google) to identify target organizations and specific user accounts for the initial password spray.
Using easy-to-guess passwords (e.g. "welcome123", "company@123") and publicly available tools, they execute a password spray attack against the targeted accounts by utilizing the identified SSO or web-based application and federated authentication method.
Leveraging the initial group of compromised accounts, they download the Global Address List (GAL) from a target's email client and perform a larger password spray against legitimate accounts.
Using the compromised access, they attempt to expand laterally (e.g. via Remote Desktop Protocol) within the network and perform mass data exfiltration using File Transfer Protocol tools.
CAUTION FOR PUBLIC:
Use multifactor authentication to reduce the impact of password compromise.
Update network infrastructure devices, and devices being used to connect remotely to work environments, with the latest software patches and configurations.
Protect the management interfaces of critical operational systems, especially by using a browse-down architecture to prevent attackers from easily gaining privileged access to the most vital assets.
Set up a security monitoring capability to collect the data needed to analyse network intrusions.
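One way the monitoring recommended above can surface a password spray, shown as an added example that is not part of the original alert: a source that fails sign-in against many different accounts with only a few tries each is flagged, and any account it then logs into is listed for reset. The log format, sample events, function names and thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: ISO timestamp, source IP, account, result.
SAMPLE_LOG = """\
2024-05-01T09:00:00 203.0.113.7 alice FAIL
2024-05-01T09:00:20 203.0.113.7 bob FAIL
2024-05-01T09:00:40 203.0.113.7 carol FAIL
2024-05-01T09:01:00 203.0.113.7 dave SUCCESS
2024-05-01T09:01:20 203.0.113.7 erin FAIL
2024-05-01T09:02:00 198.51.100.4 frank FAIL
2024-05-01T09:02:05 198.51.100.4 frank FAIL
2024-05-01T09:02:10 198.51.100.4 frank FAIL
2024-05-01T09:02:15 198.51.100.4 frank FAIL
2024-05-01T09:02:30 198.51.100.4 frank SUCCESS
"""

def parse(log_text):
    """Yield (time, source, account, succeeded) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, src, user, result = parts
        yield datetime.fromisoformat(ts), src, user, result == "SUCCESS"

def detect_spray(log_text, min_accounts=4, window=timedelta(minutes=10), max_per_account=2):
    """Flag sources that fail against many accounts, few tries each, in one window."""
    by_source = defaultdict(list)
    for event in sorted(parse(log_text)):
        by_source[event[1]].append(event)
    findings = {}
    for src, events in by_source.items():
        failures = [e for e in events if not e[3]]
        for i, first in enumerate(failures):
            tries = defaultdict(int)  # account -> failed attempts inside this window
            for t, _, user, _ in failures[i:]:
                if t - first[0] > window:
                    break
                tries[user] += 1
            if len(tries) >= min_accounts and max(tries.values()) <= max_per_account:
                # A success from a spraying source is a likely compromised account.
                hit = sorted({u for t, _, u, ok in events if ok and t >= first[0]})
                findings[src] = {"targeted": sorted(tries), "succeeded": hit}
                break
    return findings

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

The second source in the sample, which retries a single account, is deliberately not flagged: that pattern is an ordinary lockout case, not a spray across accounts.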