Hackers have developed a new tool for carrying out attacks on Russian users, experts warn. The method makes it easy to take over accounts that are not protected by complex passwords, which can lead to the theft of both personal data and banking information. Read the Izvestia article to learn how cyberattacks using the password spraying method are organized, how dangerous they are and how to protect yourself from them.

What is the essence of the password spraying method

In essence, these attacks resemble brute force, that is, an automated search through credentials using a dictionary, Margarita Pavlova, an expert at the Solar 4RAYS Cyber Threat Research Center, told Izvestia. According to her, the attackers rely on finding a login–password pair that guarantees them access to the system.

— The only difference is that classic attacks involve going through many passwords for one account, — explains the specialist. — In the case of spraying, a single password is tried against many accounts.

According to Margarita Pavlova, the attackers get the list of accounts from aggregated databases with leaks from various services. It's no secret that many people use the same phone numbers or email addresses for authentication, which makes it much easier for attackers to collect this data and use the same set on multiple services.

In addition, today there are many aggregated dictionaries consisting of frequently encountered passwords in various variations. Passwords are also compiled from leaks or are known alterations of "classic" variants, such as Qwe12345 and q1w2e3r4, the expert adds.

— After cybercriminals have tried one password against the list of accounts, they move on to the next password and repeat the attack against the same list, — explains Kirill Kiryanov, head of the MaxPatrol SIEM expertise department at Positive Technologies.

Who sprays passwords in Russia and how

Today, password spraying attacks occur regularly, and Russia is no exception, says Kirill Kiryanov. According to the expert, there are many botnets in the world that try to attack any Internet-facing service, such as mail or an authentication form on a web server.

— APT groups (stable cybercrime communities in which the roles and responsibilities of the attackers are clearly distributed) can also use this technique to gain initial access or to develop an attack, — notes Kirill Kiryanov.

According to the Solar JSOC Cyberattack Counteraction Center of Solar Group, in the third quarter of 2024 more than 70% of highly critical cyber incidents were related to the compromise of employee accounts. At the same time, according to Margarita Pavlova, one of the reasons for this growth is precisely the sharp increase in password spraying attacks.

Such attacks are often aimed at corporate accounts, mainly in the fields of finance, energy and public administration, says Dmitry Pavlovsky, an expert on cybersecurity at Angara Security. There is also a risk of such attacks in Russia, because many users still use weak and, most importantly, easy-to-enter passwords and do not apply additional security measures such as two-factor authentication.

— Some time ago, our colleagues analyzed 193 million passwords found publicly available on shadow resources, — says Leonid Bezvershenko, an expert at Kaspersky GReAT. — Attackers could guess almost half of them in less than a minute.

According to the expert, today the password spraying method remains an important tool in the hands of intruders targeting both users and organizations. At the same time, the risk of such attacks remains high not only because of the prevalence of weak passwords, but also because users frequently reuse the same passwords across services.

What are the dangers of password spraying attacks

As a rule, the password spraying method is used if it is necessary to gain access to resources accessible via the Internet, Sergey Polunin, head of the Gazinformservice IT infrastructure solutions protection group, told Izvestia. At the same time, the resources can be very different — from e-mail servers to online stores.

— The brute-force password guessing technique itself is probably one of the oldest hacking techniques, so its scope is extremely wide, — says the specialist.

According to Konstantin Gorbunov, an expert on network threats at the Security Code company, for ordinary users, if a password spraying attack is successfully implemented, the danger lies in the leakage of personal data, including bank notifications about transactions and account balances, as well as scans of documents and other private information.

For the corporate segment, the threats are the same, but additional confidential information is at stake: the structure of the organization, counterparties' e-mail addresses, scanned copies of documents, and so on. To some extent, such attacks may even be easier to carry out in the corporate segment, since in many companies user logins have a uniform format containing the employee's initials or surname and the company's domain.

— However, if the infrastructure is well protected from an information security standpoint, it is harder to "break through the defenses" of an organization: firstly, the security system has several echelons; secondly, complex passwords are mandatory; and thirdly, critical services and data are isolated from the general IT infrastructure, — says Konstantin Gorbunov.

In other words, even if an attacker uses spraying to guess the password to an employee's account, he will not be able to affect the company's operations, since all internal resources are divided into independent segments.

Protection options

To protect themselves from hacking using the password spraying method, users should use complex combinations and change them periodically, since a strong password significantly complicates account hacking even in the event of a data leak, said Mikhail Nikolaev, senior computer forensics coach at F6.

In addition, you should not use the same password for accounts on different services, adds Vitaly Fomin, head of the information security analyst group at the Digital Economy League.

According to the expert, the best solution is to enable multi-factor authentication, which requires the user logging in to confirm their identity. This helps prevent account takeover even if an attacker obtains your password. As the second factor, you can choose a code sent by SMS or e-mail. For corporate accounts, authentication can be done through Yandex Key or Google Authenticator.
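The authenticator apps named above generate time-based one-time codes per RFC 6238 (TOTP), built on RFC 4226 (HOTP). The following is an added example, not code from the article or from any of the vendors quoted in it: a minimal server-side TOTP verifier that tolerates one step of clock skew and refuses to accept the same code twice for a user, so a code captured by an attacker cannot simply be replayed. The secret used in the test is the RFC 6238 reference secret; the user names are constructed.

```python
"""Server-side TOTP (RFC 6238) second-factor check.

Added example, not from the article. Google Authenticator, Yandex Key and
similar apps produce the same codes from a shared secret; the server must
keep that secret per user and track which time step was last accepted.
"""
import base64
import hashlib
import hmac
import secrets
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{truncated % (10 ** digits):0{digits}d}"


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time / step."""
    return hotp(secret, at_time // step, digits)


def new_secret(length: int = 20):
    """Random shared secret plus its Base32 form for enrolling an authenticator app."""
    raw = secrets.token_bytes(length)
    return raw, base64.b32encode(raw).decode("ascii")


class TotpVerifier:
    """Accept the current step plus/minus `skew` steps, and never accept a
    step at or below the last one already consumed for that user (anti-replay)."""

    def __init__(self, step: int = 30, skew: int = 1):
        self.step = step
        self.skew = skew
        self.last_used_step = {}  # user -> highest counter already accepted

    def verify(self, user: str, secret: bytes, code: str, at_time=None) -> bool:
        now = int(time.time()) if at_time is None else at_time
        current = now // self.step
        for delta in range(-self.skew, self.skew + 1):
            counter = current + delta
            if counter <= self.last_used_step.get(user, -1):
                continue  # this step (or an earlier one) was already used: replay
            if hmac.compare_digest(hotp(secret, counter), code):
                self.last_used_step[user] = counter
                return True
        return False


# RFC 6238 reference secret for SHA-1 test vectors (ASCII "12345678901234567890").
RFC_TEST_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    v = TotpVerifier()
    print(totp(RFC_TEST_SECRET, 59))                                # 287082
    print(v.verify("alice", RFC_TEST_SECRET, "287082", at_time=59))  # True
    print(v.verify("alice", RFC_TEST_SECRET, "287082", at_time=59))  # False (replay)
```

The replay check matters because SMS and e-mail codes, and TOTP codes phished in real time, are valid for the whole step; marking a step as consumed closes that window once the legitimate user has logged in.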

Companies should not forget about the timely collection and analysis of system and infrastructure logs, says Alex Kubarev, Director of Information Security at T1 Cloud and T1 Integration.

An increase in the number of failed logins and locked accounts may be a sign of an attack, Vitaly Fomin notes. It is also important to implement account lockout practices: for example, set a limit on the number of login attempts for each user; if it is exceeded, the account is locked automatically. Accounts of departed employees must be deleted promptly so that they do not become an entry point into the company's IT infrastructure, the expert concludes.
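The experts above describe two things a defender can act on: the structural difference between spraying (one password, many accounts) and classic brute force (many passwords, one account), and the advice to collect logs and lock accounts after a set number of failures. The following added example, not from the article or from any of the companies quoted in it, shows why both views are needed. It parses constructed authentication log lines in a made-up format, groups failures per source within a time window, and labels a source as spraying when many distinct accounts each fail a few times, or as brute force when one account fails many times. A per-account lockout policy is simulated alongside: it catches the brute-force case but not the spray, whose per-account failure count never reaches the threshold.

```python
"""Password spraying vs. brute force detection over authentication logs.

Added example, not from the article. The log format is constructed:
"<ISO timestamp> <FAIL|OK> user=<login> src=<ip>", one attempt per line.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")

# Constructed sample (documentation IP ranges, made-up logins):
#  203.0.113.5  tries one password across many accounts and hits one of them,
#  198.51.100.7 hammers a single account,
#  192.0.2.9    is a user who mistyped once and then logged in.
SAMPLE_LOG = """\
2024-10-01T09:00:01 FAIL user=a.ivanov src=203.0.113.5
2024-10-01T09:00:03 FAIL user=b.petrov src=203.0.113.5
2024-10-01T09:00:05 FAIL user=c.sidorov src=203.0.113.5
2024-10-01T09:00:07 FAIL user=d.smirnov src=203.0.113.5
2024-10-01T09:00:09 FAIL user=e.kuznetsov src=203.0.113.5
2024-10-01T09:00:11 OK user=f.popov src=203.0.113.5
2024-10-01T09:01:00 FAIL user=admin src=198.51.100.7
2024-10-01T09:01:01 FAIL user=admin src=198.51.100.7
2024-10-01T09:01:02 FAIL user=admin src=198.51.100.7
2024-10-01T09:01:03 FAIL user=admin src=198.51.100.7
2024-10-01T09:01:04 FAIL user=admin src=198.51.100.7
2024-10-01T09:05:00 FAIL user=g.orlov src=192.0.2.9
2024-10-01T09:05:30 OK user=g.orlov src=192.0.2.9
"""


def parse(log_text):
    """Return a time-sorted list of (timestamp, result, user, src) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that do not match the expected format
        ts, result, user, src = m.groups()
        events.append((datetime.fromisoformat(ts), result, user, src))
    events.sort()
    return events


def classify_sources(events, window=timedelta(minutes=10), min_users=5, min_fails=5):
    """Map source IP -> 'spray' or 'bruteforce' for sources whose failures
    within any sliding window match one of the two patterns."""
    fails_by_src = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAIL":
            fails_by_src[src].append((ts, user))
    verdicts = {}
    for src, fails in fails_by_src.items():
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # slide the window forward
            per_user = defaultdict(int)
            for _, user in fails[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= 2:
                verdicts[src] = "spray"  # many accounts, few failures each
                break
            if max(per_user.values()) >= min_fails:
                verdicts[src] = "bruteforce"  # one account, many failures
                break
    return verdicts


def lockout_hits(events, threshold=5):
    """Accounts a per-account lockout policy would lock after `threshold`
    consecutive failures (a success resets the counter)."""
    streak = defaultdict(int)
    locked = set()
    for _, result, user, _ in events:
        if result == "OK":
            streak[user] = 0
        else:
            streak[user] += 1
            if streak[user] >= threshold:
                locked.add(user)
    return locked


def successes_from_flagged(events, verdicts):
    """(src, user) pairs where a flagged source logged in successfully:
    these are the accounts to treat as compromised."""
    return {(src, user) for _, result, user, src in events
            if result == "OK" and src in verdicts}


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    v = classify_sources(ev)
    print(v)                              # {'203.0.113.5': 'spray', '198.51.100.7': 'bruteforce'}
    print(lockout_hits(ev))               # {'admin'}
    print(successes_from_flagged(ev, v))  # {('203.0.113.5', 'f.popov')}
```

The lockout policy alone locks only "admin": every sprayed account saw a single failure, so per-account thresholds never fire, and the successful login for "f.popov" would look like a normal sign-in. Counting failures per source (or per source across the whole user population) is what exposes the spray and points to the account that was actually taken over.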

Translated by the Yandex Translate service
