Tuesday, October 27, 14:39
Home security Microsoft: Enhances password spray attack detection capabilities

Microsoft: Enhances password spray attack detection capabilities

Η Microsoft has significantly improved the password spray detection capabilities on Azure Active Directory (Azure AD) and has reached the point of detecting twice the number of breached accounts, thanks to a new system machine learning (ML).

password spray

"This new detection method is based on machine learning detects twice as many compromised accounts as the previous algorithmSaid Alex Weinert, Director of Microsoft Identity Security.

"It does this while maintaining the astonishing 98% accuracy of the previous algorithm - which means that if this algorithm says that an account has been compromised by password spray technique, it is almost certain that it has indeed been violated".

Machine learning is used for the most effective detection of attacks

Microsoft has developed a machine that focuses on detecting password spray attacks and has allowed the company to detect and alert hundreds of thousands victims every month (350.000 in April 2018).

According to Bleeping Computer, she the scanner provides Azure AD customers, access in the possibility Identity Protection (via Azure AD Premium P2 license), when a attack password spray.

Now, Microsoft has improved the crawler for Azure AD Identity Protection customers with a new machine learning system that uses known attack patterns and add-ons data to enhance the effectiveness of attack detection.

"This new method of detecting password spray attacks is a great example of how we use the information we get from all Microsoft systems to extend and improve our protection. ”, Weinert added.


Built-in Azure AD password spray protection

Cybercriminals often spray password attacks through large botnets to access accounts, combining usernames with usually weak passwords. Also, criminals can hide failed attempts by using different IP addresses.

This also allows them to bypass automated defenses designed to block many failed login attempts.

The Azure AD Password Protection released in April 2019 (in a public preview from September 2019) to reduce the risks of passwοrd spray attacks, preventing users from choosing easy and weak passwords and drastically reducing the success rate of such attacks (at about 1%), says Weinert.


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!


Microsoft: Enhances password spray attack detection capabilities

Microsoft has significantly improved the ability to detect password spray attacks in the Azure Active Directory (Azure AD) and has reached the point ...

How to prevent companies from finding our phone number

In the age of advertising, the more user information is known the more convenient it is for companies. And in particular, the ...

Violation in a psychotherapy clinic led to blackmail of patients

Two years ago, a cyber attack took place in a Finnish psychotherapy clinic, which resulted in data theft and ransom demand. Now,...

Australia: Enhances cybersecurity and privacy!

The Government of New South Wales in Australia has set up a task force to strengthen cybersecurity and protection ...

More than 100 irrigation systems were left exposed on the internet

More than 100 smart irrigation systems were left exposed on the internet without a password last month, allowing anyone to access ...

Violation in Nitro Software most likely affects Google, Apple, Microsoft

Nitro PDF (Nitro Software) service has suffered a data breach, which is said to affect many well-known companies, such as Google, ...

Hacker steals $ 24 million from cryptocurrency service Harvest Finance

A hacker has stolen "cryptocurrency assets" worth about 24 million dollars from the decentralized financing service (DeFi) Harvest Finance, a web portal ...

Ransomware attack "hit" election database in Georgia, USA!

A ransomware attack hit Georgia, USA earlier this month, affecting a database used to verify ...

Data breach at the Sheriff's office in Hennepin

The Sheriff's Office in Hennepin County suffered data breaches, which resulted in the leak of information to about 1400 people.

Play Store: 21 Android apps with adware found

Google removed 15 Android apps from the Play Store over the weekend, according to a report from ...