Recently we reported on a Windows 11 update designed to make brute force attacks, in which scammers set up algorithms to methodically check every possible password combination until they get the right one, much harder to pull off. Unfortunately, the reasoning behind that move has become even more apparent now that the software giant has released details about a rise in password spray attacks, a particular type of brute force attack, against Microsoft Outlook users. Here is what you need to know.
Microsoft has reported in one of its Tech Community blog posts that it has noticed a distinct rise in the number of password spray attacks being targeted at Microsoft Outlook. To combat these attacks the team has disabled the basic authentication features of the service.
If you are unsure about what exactly a password spray attack is or how it may affect you, check out the explanation below, which Microsoft included in the Tech Community blog post:
“A password spray attack is a type of brute force attack in which the attacker tries a large number of usernames with a list of common passwords against a target system to see if any will work. It’s often hard to detect as the username keeps changing; accounts don’t get locked because the account being attacked keeps changing. Attackers also distribute their efforts over their targets and keep changing their source IP.”
Basically, it is like throwing a load of passwords and login details at the system and seeing if any of it sticks. It might sound like a haphazard methodology, but it comes down to a numbers game, and computers are good at numbers.
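Why the per-account lockout in Microsoft's description never fires, and what a defender can count instead, shown as an added example that is not from Microsoft or the original article. The sign-in records, thresholds and function names are constructed assumptions; the detector counts distinct failing usernames in a time window regardless of source IP.

```python
from collections import Counter
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 9, 0, 0)

def ev(sec, ip, user, ok=False):
    return {"time": T0 + timedelta(seconds=sec), "ip": ip, "user": user, "ok": ok}

# Constructed sample sign-in log (documentation IP ranges, made-up users).
EVENTS = [
    ev(0,    "198.51.100.7", "dana"),           # ordinary typo...
    ev(20,   "198.51.100.7", "dana", ok=True),  # ...followed by a success
    ev(1800, "203.0.113.10", "alice"),          # spray: one failure per
    ev(1835, "203.0.113.44", "bob"),            # account, each from a
    ev(1870, "192.0.2.81",   "carol"),          # different source IP
    ev(1910, "192.0.2.15",   "erin"),
    ev(1950, "203.0.113.90", "frank"),
    ev(7200, "198.51.100.7", "dana"),           # another typo, hours later
]

# Assumed thresholds for illustration; tune against real traffic.
LOCKOUT_THRESHOLD = 5            # failures on ONE account before lockout
SPRAY_MIN_USERS = 4              # distinct failing accounts inside WINDOW
WINDOW = timedelta(minutes=10)

def locked_out(events):
    """Per-account view: the control a password spray is built to avoid."""
    fails = Counter(e["user"] for e in events if not e["ok"])
    return sorted(u for u, n in fails.items() if n >= LOCKOUT_THRESHOLD)

def spray_alerts(events):
    """Service-wide view: distinct failing usernames per window, any IP."""
    fails = sorted((e for e in events if not e["ok"]), key=lambda e: e["time"])
    alerts, start = [], 0
    for end, e in enumerate(fails):
        while e["time"] - fails[start]["time"] > WINDOW:
            start += 1                      # slide the window forward
        window = fails[start:end + 1]
        users = {w["user"] for w in window}
        if len(users) >= SPRAY_MIN_USERS:
            if alerts and alerts[-1]["end"] >= window[0]["time"]:
                alert = alerts[-1]          # overlapping window: extend it
            else:
                alert = {"start": window[0]["time"], "users": set(), "ips": set()}
                alerts.append(alert)
            alert["end"] = e["time"]
            alert["users"] |= users
            alert["ips"] |= {w["ip"] for w in window}
    return alerts
```

On this sample `locked_out(EVENTS)` is empty while `spray_alerts(EVENTS)` returns a single alert covering five accounts and five source IPs; the isolated typos by one user do not trigger it.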
The surest way to protect against these types of attacks is to enable two-factor authentication: set up an authentication app like Microsoft Authenticator or Google Authenticator, or add a second email address for confirming your identity when logging into your Outlook services.
You should also check out our cybersecurity guide to help you stay as safe as possible when you are using online services.