Password spraying is a form of cyber attack similar to a brute-force attack, in which the attacker tries to gain access to a company's systems by testing a small number of commonly used passwords against a large number of accounts. Because each account sees only a few attempts, the attacker can compromise multiple accounts without triggering account lockout.
Procedure For The Attack
- First, the attacker gathers a set of candidate credentials (usernames and commonly used passwords) through social engineering and other phishing methods.
- The attacker then applies one of those credentials (a single password) to a large number of accounts using an automated tool.
- After the first round, the attacker waits for a period of time before trying the next credential, so that the attempts stay below the lockout threshold and no account gets locked out.
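The procedure above leaves a distinctive trace: one source fails against many different accounts while staying under the per-account lockout threshold. The following detector, added here as an illustration rather than taken from the original article, runs that logic over a constructed sample authentication log (the log format, IPs and usernames are all invented) and separates a spray from a single-account brute force.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log: "<timestamp> <source-ip> <user> <FAIL|SUCCESS>"
SAMPLE_LOG = """\
2024-03-01T09:00:01 10.0.0.5 alice FAIL
2024-03-01T09:00:03 10.0.0.5 bob FAIL
2024-03-01T09:00:05 10.0.0.5 carol FAIL
2024-03-01T09:00:07 10.0.0.5 dave FAIL
2024-03-01T09:00:09 10.0.0.5 erin FAIL
2024-03-01T09:00:11 10.0.0.5 frank SUCCESS
2024-03-01T09:05:00 10.0.0.9 alice FAIL
2024-03-01T09:05:02 10.0.0.9 alice FAIL
2024-03-01T09:05:04 10.0.0.9 alice FAIL
"""

def parse_log(text):
    events = []
    for line in text.splitlines():
        ts, src, user, result = line.split()
        events.append((datetime.fromisoformat(ts), src, user, result))
    return events

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Flag sources that fail against many distinct accounts inside one time window
    while staying at or under the per-account lockout threshold (the spraying pattern).
    A single account hammered repeatedly is classic brute force and is NOT flagged.
    Returns {source: sorted list of targeted accounts}."""
    failures = defaultdict(list)
    for ts, src, user, result in events:
        if result == "FAIL":
            failures[src].append((ts, user))
    alerts = {}
    for src, fails in failures.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):  # sliding window over this source's failures
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_user = Counter(user for _, user in fails[start:end + 1])
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                alerts[src] = sorted(per_user)
                break
    return alerts

def successes_from_flagged(events, alerts):
    """Accounts that a flagged source managed to log into: first to investigate."""
    return sorted({user for _, src, user, result in events
                   if src in alerts and result == "SUCCESS"})
```

With the sample log, 10.0.0.5 is flagged (five accounts, one failure each) and 10.0.0.9 is not (three failures against one account), while frank is reported as the account the flagged source got into.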
Mitigation For The Attack
Enable two-factor authentication and require complex passwords that cannot be easily guessed. Change passwords frequently so that old stolen passwords cannot be misused.