Η Microsoft has significantly improved the password spray detection capabilities on Azure Active Directory (Azure AD) and has reached the point of detecting twice the number of breached accounts, thanks to a new system machine learning (ML).
"This new detection method is based on machine learning detects twice as many compromised accounts as the previous algorithmSaid Alex Weinert, Director of Microsoft Identity Security.
"It does this while maintaining the astonishing 98% accuracy of the previous algorithm - which means that if this algorithm says that an account has been compromised by password spray technique, it is almost certain that it has indeed been violated".
Machine learning is used for the most effective detection of attacks
Microsoft has developed a machine that focuses on detecting password spray attacks and has allowed the company to detect and alert hundreds of thousands victims every month (350.000 in April 2018).
Now, Microsoft has improved the crawler for Azure AD Identity Protection customers with a new machine learning system that uses known attack patterns and add-ons data to enhance the effectiveness of attack detection.
"This new method of detecting password spray attacks is a great example of how we use the information we get from all Microsoft systems to extend and improve our protection. ”, Weinert added.
Built-in Azure AD password spray protection
Cybercriminals often spray password attacks through large botnets to access accounts, combining usernames with usually weak passwords. Also, criminals can hide failed attempts by using different IP addresses.
This also allows them to bypass automated defenses designed to block many failed login attempts.
The Azure AD Password Protection released in April 2019 (in a public preview from September 2019) to reduce the risks of passwοrd spray attacks, preventing users from choosing easy and weak passwords and drastically reducing the success rate of such attacks (at about 1%), says Weinert.