What’s is more freaky than the Halloween movies you have been watching? Real-life hackers! Microsoft has identified an uptick in the use of “password spray” attacks over the past 12 months.
Hackers are gathering a list of usernames and passwords that have leaked online while plugging them into various websites.
These cybercriminals hope to come across a working combination that gives them access to someone’s email or social media accounts.
From there, they can attempt to break into more sensitive accounts such as your bank or iCloud. Scary stuff!
The attacks were identified by Microsoft’s Detection and Response Team (DART), which is dedicated to identifying the latest cyberattack methods.
“They are different from brute-force attacks, which involve attackers … attempting to attack a small number of user accounts.” says, researchers.
Two commonly used kinds of password sprays have been detected.
One involves matching known usernames to commonly used passwords, such as “password” or “123456”.
The hackers hope is to “guess” the correct combination for as many users as possible.
The second technique involves usernames and passwords that have been leaked online by crooks in the past.
The 2012 LinkedIn hack, for instance, saw the usernames and passwords of 6.5million users stolen by cybercriminals and sold online.
Google estimates that over 4 billion username and password combinations have leaked in recent years.
“This creates a repeating cycle attack pattern, where one compromised account can lead to access to resources where additional credentials can be harvested, and thus even further resource access.”
Are Your Passwords Safe?
Fill out the form below and receive Reis Informatica’s password tips!
Source: The US Sun