ACSC Releases Advisory on Password Spraying Attacks

Archived Content

In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.

The Australian Cyber Security Centre (ACSC) has released an advisory on password spraying attacks. Password spraying is a type of brute-force attack in which a malicious actor uses a single password against targeted user accounts before moving on to attempt a second password, and so on. This technique allows the actor to remain undetected by avoiding rapid or frequent account lockouts.

The ACSC provides recommendations for organizations to detect and mitigate these types of attacks against their external services, such as webmail, remote desktop access, or cloud-based services.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ACSC advisory on password spraying attacks and the following CISA tips:
• Choosing and Protecting Passwords
• Supplementing Passwords

Archived Content

ACSC Releases Advisory on Password Spraying Attacks

JCDC Cultivates Pre-Ransomware Notification Capability

Cisco Releases Security Advisories for Multiple Products

CISA Releases Six Industrial Control Systems Advisories

Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments

Archived Content

ACSC Releases Advisory on Password Spraying Attacks

Related Advisories

JCDC Cultivates Pre-Ransomware Notification Capability

Cisco Releases Security Advisories for Multiple Products

CISA Releases Six Industrial Control Systems Advisories

Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments