Password Spraying Attack


Password spraying is a variant of the brute-force attack. Instead of trying many passwords against one account, the attacker tries a small number of commonly used passwords (often just one seasonal or default password per round) against a large number of accounts. Because most lockout policies count failed attempts per account, each account sees only one or two failures per round, so the attacker keeps probing without triggering lockouts, and a single round across a large organisation often yields several valid credentials.

Procedure For The Attack

  1. The attacker first builds a list of target usernames. Sources include the organisation's e-mail address format, public directories and social media, data leaked in earlier breaches, and social engineering or phishing. The list of passwords to try is deliberately short: common, default or seasonal passwords that some users in any large population are likely to have chosen.
  2. Using an automated tool, the attacker tries one password against every username in the list.
  3. After the round completes, the attacker waits long enough for the lockout policy's failure counter to reset, then starts the next round with the next password, so that no single account accumulates enough failures to be locked out.
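The procedure above, as an added example that is not part of the original page: a Python simulation with a toy authentication service enforcing a hypothetical per-account lockout policy (five failures inside a 30-minute window; both values are assumptions, not taken from any real product), a sprayer that tries one password per round and waits for the window to expire, and a naive single-account brute force for comparison. All usernames and passwords are constructed.

```python
"""Simulation of password spraying against a per-account lockout policy.

Added example, not code from the original page. The lockout policy, the
accounts and the password list are all constructed for illustration.
"""
from collections import defaultdict

# Hypothetical lockout policy (assumed values, not from any real product):
# an account is locked after LOCKOUT_THRESHOLD failures inside one
# OBSERVATION_WINDOW; older failures no longer count.
LOCKOUT_THRESHOLD = 5
OBSERVATION_WINDOW = 30 * 60  # seconds


class ToyAuthService:
    """Minimal authentication backend with per-account failure counting.
    Simplification: a locked account stays locked for the whole run."""

    def __init__(self, credentials):
        self.credentials = dict(credentials)
        self.failures = defaultdict(list)  # username -> timestamps of recent failures
        self.locked = set()

    def authenticate(self, username, password, now):
        if username not in self.credentials:
            return "unknown"
        if username in self.locked:
            return "locked"
        # Forget failures that fell out of the observation window.
        recent = [t for t in self.failures[username] if now - t < OBSERVATION_WINDOW]
        if self.credentials[username] == password:
            self.failures[username] = []
            return "success"
        recent.append(now)
        self.failures[username] = recent
        if len(recent) >= LOCKOUT_THRESHOLD:
            self.locked.add(username)
            return "locked"
        return "failure"


def brute_force_one_account(service, username, passwords, start=0, attempt_gap=1):
    """Classic brute force: every password against one account, back to back.
    Returns (password_found, was_locked_out)."""
    for i, pw in enumerate(passwords):
        result = service.authenticate(username, pw, start + i * attempt_gap)
        if result == "success":
            return pw, False
        if result == "locked":
            return None, True
    return None, False


def spray(service, usernames, passwords, start=0, attempt_gap=1,
          round_gap=OBSERVATION_WINDOW):
    """Password spraying: one password against every account per round,
    then wait round_gap seconds before trying the next password.
    Returns (compromised {user: password}, set of accounts locked out)."""
    compromised, locked = {}, set()
    for r, pw in enumerate(passwords):
        round_start = start + r * round_gap
        for i, user in enumerate(usernames):
            result = service.authenticate(user, pw, round_start + i * attempt_gap)
            if result == "success":
                compromised[user] = pw
            elif result == "locked":
                locked.add(user)
    return compromised, locked


# Constructed sample data: two of the four users chose passwords from the common list.
CREDENTIALS = {
    "alice": "Tr0ub4dor&3",
    "bob": "Summer2024!",
    "carol": "x9$Lp!q2Wm",
    "dave": "Welcome1",
}
COMMON_PASSWORDS = ["Password1", "Welcome1", "Summer2024!", "Qwerty123",
                    "Letmein1", "Changeme1"]


def run_demo():
    """Run the three scenarios on fresh services and return their outcomes."""
    # 1. Brute force on one account: locked after LOCKOUT_THRESHOLD failures.
    bf = brute_force_one_account(ToyAuthService(CREDENTIALS), "alice", COMMON_PASSWORDS)
    # 2. Spray that waits for the observation window to reset: no lockouts.
    patient = spray(ToyAuthService(CREDENTIALS), list(CREDENTIALS), COMMON_PASSWORDS)
    # 3. Hasty spray (one minute between rounds): failures accumulate and lock accounts.
    hasty = spray(ToyAuthService(CREDENTIALS), list(CREDENTIALS), COMMON_PASSWORDS,
                  round_gap=60)
    return {"brute_force": bf, "patient_spray": patient, "hasty_spray": hasty}


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

The brute force locks the single account before it reaches the fifth password, the patient spray recovers both weak passwords without locking anyone, and the hasty spray still recovers them but locks the two accounts whose passwords it never guessed, which is exactly the noise a defender would notice.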

Mitigation For The Attack

Enable multi-factor authentication (two-factor at a minimum) so that a guessed password alone is not enough to log in. Enforce strong passwords and reject any that appear on lists of common, default or previously breached passwords, since those lists are exactly what a sprayer feeds into its tool. Configure lockout or throttling that also counts failures per source address and per session, not only per account, and alert on a single source failing against many different accounts in a short period, because a per-account counter alone never fires on this pattern. Change a password promptly whenever it may have been exposed; forcing routine rotation, by contrast, tends to push users toward the predictable seasonal patterns that spraying targets.
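The detection side of that advice, as an added example that is not part of the original page: a Python script that parses a constructed authentication log in a made-up format (`<ISO timestamp> <src_ip> <user> <FAIL|OK>`), groups failures per source address, and separates the spray signature (few failures each against many accounts) from single-account brute force. The window and thresholds are assumptions to be tuned against real traffic.

```python
"""Spotting a password spray in authentication logs.

Added example, not code from the original page. The log format is made up
for this illustration, the log lines are constructed, and the thresholds
are assumptions to tune against real traffic.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source fails once against many accounts and then
# logs in as one of them (spray); one source hammers a single account
# (brute force); one user simply mistypes a password once.
SAMPLE_LOG = """\
2024-05-01T09:00:01 203.0.113.7 alice FAIL
2024-05-01T09:00:02 203.0.113.7 bob FAIL
2024-05-01T09:00:03 203.0.113.7 carol FAIL
2024-05-01T09:00:04 203.0.113.7 dave FAIL
2024-05-01T09:00:05 203.0.113.7 erin FAIL
2024-05-01T09:00:06 203.0.113.7 frank OK
2024-05-01T09:00:07 198.51.100.9 alice FAIL
2024-05-01T09:00:08 198.51.100.9 alice FAIL
2024-05-01T09:00:09 198.51.100.9 alice FAIL
2024-05-01T09:00:10 198.51.100.9 alice FAIL
2024-05-01T09:00:11 198.51.100.9 alice FAIL
2024-05-01T09:00:12 198.51.100.9 alice FAIL
2024-05-01T09:05:00 192.0.2.33 bob FAIL
2024-05-01T09:05:30 192.0.2.33 bob OK
"""

WINDOW = timedelta(minutes=30)
SPRAY_MIN_ACCOUNTS = 5       # failures spread over at least this many accounts ...
SPRAY_MAX_PER_ACCOUNT = 2    # ... while no single account fails more often than this
BRUTE_FORCE_MIN_FAILS = 5    # one account failing this often is the classic pattern


def parse(log_text):
    """Parse the constructed format into (timestamp, src_ip, user, outcome) tuples."""
    events = []
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, outcome = line.split()
            events.append((datetime.fromisoformat(ts), ip, user, outcome))
    return sorted(events)


def classify_sources(events, window=WINDOW):
    """Return {src_ip: finding} for every source whose failures, inside some
    window, look like a spray (few failures each on many accounts) or a
    brute force (many failures on one account). A per-account lockout
    never fires on the spray pattern; only the per-source view reveals it."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        fails = [(t, user) for t, _, user, outcome in evs if outcome == "FAIL"]
        for i, (t0, _) in enumerate(fails):
            # Count failures per account in the window starting at this failure.
            per_user = defaultdict(int)
            for t, user in fails[i:]:
                if t - t0 > window:
                    break
                per_user[user] += 1
            if (len(per_user) >= SPRAY_MIN_ACCOUNTS
                    and max(per_user.values()) <= SPRAY_MAX_PER_ACCOUNT):
                pattern = "spray"
            elif max(per_user.values()) >= BRUTE_FORCE_MIN_FAILS:
                pattern = "brute-force"
            else:
                continue
            # Successful logins from the same source after the window opened
            # are the accounts to treat as compromised.
            succeeded = sorted({user for t, _, user, outcome in evs
                                if outcome == "OK" and t >= t0})
            findings[ip] = {"pattern": pattern,
                            "accounts_failed": sorted(per_user),
                            "succeeded": succeeded}
            break
    return findings


if __name__ == "__main__":
    for ip, finding in classify_sources(parse(SAMPLE_LOG)).items():
        print(ip, finding)
```

In the sample, 203.0.113.7 is flagged as a spray with `frank` listed as the account to reset and investigate, 198.51.100.9 as brute force against `alice`, and the single mistyped login from 192.0.2.33 is left alone. Real deployments also need to handle attackers who rotate source addresses, which means correlating on other attributes (user agent, client identifier, or the set of targeted accounts) rather than on the IP alone.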

MCQ

Question 1

Password Spraying is which kind of attack?

Dictionary
BruteForce
DDoS
Spoofing

Question 2

What should be enabled to prevent this type of attack?

OTP
Spam Filter
Facelock
2 Factor Authentication