Company

About Us

Achieving your business goals—that’s what we believe in. Difenda’s value-driven approach to cybersecurity puts your success first, without compromise.

Partners

Our partners benefit from the ability to provide their customers with a complete end-to-end services. Partners have 24×7 access to sales tools, marketing resources, training programs, and certifications through our partner portal.

Careers

Learn about our #peoplefirst culture and what it means to be a Difender. Join our mission to relentlessly ‘DIFEND’ our customers and deliver measurable cyber security outcomes.

Leadership

Our leadership team is comprised of savvy business leaders and security industry experts, bringing years of experience together to create security solutions that just work.

Resource Center

View our cybersecurity resource center to learn about protecting your organization.

Contact Us

We’re here to help and answer any questions you might have. We look forward to hearing from you!

Cyber Resources

Contact Us

Featured

Learn More

Difenda Shield

Difenda Shield

Difenda Shield is an integrated cybersecurity suite of modules that gives companies the tools they need to stay vigilant, agile, and collaborative.

Managed SIEM

Extend, simplify, and centralize your security visibility while automating advanced threat detection using the managed SIEM solutions.

MXDR for IT

Break through visibility barriers for improved security resiliency. Difenda MXDR closely integrates Microsoft 365 Defender, Microsoft Defender for Cloud and Microsoft Sentinel with 24/7/365 advanced threat hunting and detection for a unified SecOps environment.

Managed Endpoint Detection and Response

Difenda Managed EDR minimizes the gap between speed of compromise and speed of detection with proactive threat hunting and incident response services, reducing attacker dwell time and mitigating the potential impact of a breach.

MXDR for OT

MXDR for OT offers a turn-key agentless extended detection and response (XDR) that is rapidly deployed, works with diverse endpoints, IoT, OT, and industrial control system (ICS) devices.

Managed Cloud TDR

Defend cloud applications and database infrastructure from account compromise, insider threats, and access misuse. Keep your cloud environment safe and secure with built-in defense from your business environment to the Azure Cloud Platform.

AVM

Difenda AVM continuously monitors, detects and helps provide guidance on remediation items and configuration issues, minimizing the window of opportunity for attackers.

Managed Email TDR

Get peace of mind when it comes to data protection. Keep business communications safe and secure by automatically filtering your entire email network from phishing emails and online threats in minutes.

Incident Response

With proactive ransomware mitigation support, ransomware attack response services and digital forensics services, you will be back to business as fast as possible.

Cyber Resources

Contact Us

Featured

Microsoft Copilot Checklist

Professional Services

Advisory Services

Discover actionable steps to improve your cybersecurity posture. Gain efficiency in the short-term and build towards a long-term security infrastructure that can scale.

Offensive Security

We combine human expertise with sophisticated tools, proven methodologies and threat intelligence to ensure a thorough, in-depth approach to security testing and assessments.

Professional Services

We help you in designing and deploying Microsoft security technologies for your unique needs.

Workshops

Assess your security posture and create a personalized timeline for mitigation of potential threats.

Managed Services

Extend your ability to defend and manage with our extensive portfolio of managed services.

Difenda Works

Machine Identity Management integration with Venafi and ServiceNow.

Cyber Resources

Contact Us

Industries

Education

Graduate to a modern security program.

Manufacturing

Protect operational continuity to deliver your product or service.

Finance

Coming soon.

Healthcare

Coming soon.
Blog Home /
 Blog

Blog

Cybersecurity Advisory: Password Spraying Attacks

by

Oct 26, 2018

Cyber Attacks | Cybersecurity Advisory | Password Spraying

Malicious cyber actors are increasingly using a style of brute force attack known as password spraying attacks against organizations in the United States and elsewhere. 

Brute-force attacks traditionally attempt to gain unauthorized access to a user account by password-guessing techniques. A key symptom is frequent account lockouts as most organizations commonly allow 3 to 5 bad attempts and then account lock-out policies are triggered for a set period and access attempts are blocked from suspicious or infrequent IP addresses or specific locations. 

Password spraying attacks happen when threat actors employ a technique of avoiding excessive or frequent lockouts to remain undetected. One password is used against many accounts before attempting the second password. Typical targets are single sign-on accounts for internal as well as cloud-based applications, which once compromised provide the intruder with maximum access to confidential and proprietary information. Email is the best way to target novice users, who generally use email synchronization on multiple devices and once their account is compromised it provides these actors access to organizations’ emails, attachment files and internal contacts etc. 

Impact

A successful intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include: 

  • Temporary or permanent loss of sensitive or proprietary information; 
  • Disruption to regular operations; 
  • Financial losses incurred to restore systems and files; and 
  • Potential harm to an organization’s reputation. 

How to Prepare for and Avoid Password Spraying Attacks

  • Strongly consider employing Multi-Factor Authentication (MFA) for internet-facing business-critical applications and systems. 
  • Strictly enforce password policies on all business applications and IT assets for admins and end users 
  • Proactively monitor user account access from suspicious or blacklisted IP addresses and lockout attempts 
  • Implement best practices for user activity monitoring such as; Activity from infrequent locations, anonymous IP addresses, activity from suspicious IP addresses, unusual administrative activity etc. 
  • Educate the end users to use strong passwords and report password lockout incidents to IT Help-desk 

At Difenda Cyber Command Center, we are proactively monitoring our customers’ environments for user activities and have employed advanced monitoring and detection techniques and related use cases to identify access anomalies and brute-force attempts for privileged and normal user accounts. 

Refer to the US-Cert Advisory for more details.

Our Microsoft Security Services
Explore