Microsoft Improves Password Spray Attack Detection Using Machine Learning

Microsoft on Monday announced that it has developed a new algorithm based on machine learning that improves password spray detection in Azure Active Directory (Azure AD).

For those unaware, Password Spraying is a type of brute force attack that attempts to access a large number of accounts (usernames) with a commonly used password before moving on to attempt a second password, and so on.

Normally, many companies lock a user out after several failed login attempts (usually 3-5). Due to the nature of a password spraying attack, this method allows a malicious actor to remain undetected by avoiding quick or frequent account lockouts. Although the success rate per account is quite nominal, the attack is very difficult to detect.ย 

“This new machine learning detection yields a 100 percent increase in recall, meaning it detects twice the number of compromised accounts of the previous algorithm,” said Alex Weinert, Director of Identity Security at Microsoft.

“It does this while maintaining the previous algorithmโ€™s amazing 98 percent precisionโ€”meaning if this algorithm says an account fell to password spray, itโ€™s almost certain that it did.”

To detect password spray attacks, Microsoft previously built a heuristic detection, which helped the company identify the core failure in the system in their worldwide traffic. They were able to notify tenants of hundreds of thousands of attacks monthly (increased user risk) so they could protect their organizations.

Now, Microsoft has improved the credential compromise detection engine for Azure AD Identity Protection customers by training a new supervised machine learning algorithm incorporating IP reputation, unfamiliar sign-in properties, and other deviations in account behavior to detect when a tenant is under attack from password spray.

โ€œThis new machine learning detection yields aย 100 percent increase in recallย over the heuristic algorithm described above meaning it detectsย twice the number of compromised accountsย of the previous algorithm. It does this while maintaining the previous algorithmโ€™s amazingย 98 percent precisionโ€”meaning if this algorithm says an account fell to password spray, itโ€™s almost certain that it did,โ€ Weinert added.

The following screenshot provides a sample of the new risk detection:

DBada_1-1603483682332.png

The new password spray detection will be available soon to Azure AD Identity Protection customers, who can access the new risk detection reports in the portal and APIs for Identity Protection.ย 

Subscribe to our newsletter

To be updated with all the latest news

Kavita Iyer
Kavita Iyerhttps://www.techworm.net
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!

Subscribe to our newsletter

To be updated with all the latest news

Read More

Suggested Post