
Microsoft Warns that Billions of Passwords are Compromised | ||
DESCRIPTION | ||
While a highly connected state fosters collaboration on an immense scale, it’s also a security nightmare. If a hacker gains access into a company’s network, they can potentially gain access to those company’s networks connected to it. That is referred to as a supply chain attack. Today, just about everyone has information somewhere on the internet, and many people use the same password to get access to this information. If an attacker obtains your credentials in an attack, they can potentially use those same credentials to access all of your information. Last week, Microsoft issued a stern warning that billions of passwords are compromised. Their Detection and Response Team (DART) reported that they have witnessed a dramatic increase in the number of “password spray” attacks this year. A spray attack is different than a traditional brute force attack in which an attacker perpetually tries to crack your password. There are two types of spray attacks:
The increase of these password spray attacks may be contributing to the record number of data breaches reported in 2021. In a congressional hearing in early October, the Identity Theft Resource Center reported that the number of breaches thus far in 2021 (1,291) has already eclipsed the total number of breaches reported in all of 2020 (1,108). | ||
IDENTIFY INDICATORS OF COMPROMISE (IOC) | ||
| ||
CONTAINMENT (If IOCs are identified) | ||
While it is recommended that users change their passwords regularly, it is essential to do so immediately once a compromised password has been reported. This means changing your password for every online account that compromised password has been used for. | ||
PREVENTION | ||
Users should never use just one password for everything. At the least, use multiple passwords amongst your accounts. Ideally, use a unique password for every account. | Prepare for cyber threats through an Incident Response Readiness program |
HALOCK Breach Bulletins
Recent data breaches to understand common threats and attacks that may impact you – featuring description, indicators of compromise (IoC), containment, and prevention.