How Machine Learning Helps Against Password Spraying Attacks
Machine learning is a term that has been tossed around a lot in recent years, in various contexts. In late October 2020, Microsoft announced a new "credential compromise detection" tool added to its arsenal that uses machine learning to spot password spraying attacks.
Password spraying is a method of attempting unauthorized logins into accounts, in an effort to breach them. What differentiates password spraying from password stuffing or brute forcing is that while the latter two methods often rely on bombarding an account with login attempts, using either stolen or generated credentials, password spraying attempts to feed just a small handful of commonly used passwords into a huge number of accounts.
Password spraying shows this restraint because a very large number of login portals and services enforce a login attempt limit, which other attacks can very easily trip, locking any further logins for a set time.
Those noisier attacks also trigger any security measures that monitor for unusual spikes in login attempts. Password spraying attacks hope to remain undetected and fish out accounts that use very common passwords by attempting just a small handful of them on each account, never ringing any alarm bells in the process.
Machines to the rescue
However, Microsoft announced a new system that relies on machine learning algorithms to detect password spraying attempts. With an installed user base as huge as Microsoft's, the company has figured out a way to spot instances when the same password is being fed into thousands and thousands of accounts at pretty much the same time, indicating an attempt at password spraying.
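The contrast described above, as an added example that is not Microsoft's system or code from this article: a fixed-threshold rule (not a machine learning model) run over constructed failed sign-in records, showing why a per-account limit misses a spray while a cross-account view catches it. The password fingerprint field, standing in for a keyed hash of the attempted password, and all thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5            # assumed per-account failure limit
SPRAY_ACCOUNTS = 4               # assumed: distinct accounts sharing one fingerprint
WINDOW = timedelta(minutes=10)   # assumed correlation window

def build_sample():
    """Constructed failed sign-ins: (time, account, password fingerprint)."""
    t0 = datetime(2020, 10, 27, 9, 0, 0)
    events = []
    # Spray pattern: one fingerprint tried once on six accounts, 30 s apart.
    for i in range(6):
        events.append((t0 + timedelta(seconds=30 * i), f"user{i}", "fp-A"))
    # Brute-force pattern: seven different fingerprints on one account.
    for i in range(7):
        events.append((t0 + timedelta(seconds=5 * i), "admin", f"fp-B{i}"))
    # An ordinary mistyped password by a single user.
    events.append((t0 + timedelta(minutes=3), "user9", "fp-C"))
    return events

def locked_accounts(events):
    """Per-account counting: the control that spraying stays under."""
    counts = defaultdict(int)
    for _, account, _ in events:
        counts[account] += 1
    return {a for a, n in counts.items() if n >= LOCKOUT_THRESHOLD}

def sprayed_fingerprints(events):
    """Cross-account view: fingerprints seen on many accounts within WINDOW."""
    by_fp = defaultdict(list)
    for ts, account, fp in sorted(events):
        by_fp[fp].append((ts, account))
    hits = {}
    for fp, seen in by_fp.items():
        start = 0
        for end in range(len(seen)):
            # Slide the window start forward until it spans at most WINDOW.
            while seen[end][0] - seen[start][0] > WINDOW:
                start += 1
            accounts = {a for _, a in seen[start:end + 1]}
            if len(accounts) >= SPRAY_ACCOUNTS:
                hits[fp] = max(hits.get(fp, 0), len(accounts))
    return hits

if __name__ == "__main__":
    sample = build_sample()
    print("locked by per-account limit:", locked_accounts(sample))
    print("flagged as spray:", sprayed_fingerprints(sample))
```

On the constructed sample, only the brute-forced account reaches the lockout limit, while the sprayed fingerprint is flagged even though each targeted account saw a single failure.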
The system is still being finalized and will be added to Azure Active Directory as an identity protection feature. The machine learning algorithms will also be able to detect a number of other peculiarities in account behavior, including IP reputation and unusual sign-in properties.
Azure Active Directory is Microsoft's solution aimed at cloud identity and access services, which allows users to access documents and resources across Microsoft's family of products, as well as customer cloud applications.