Password spray attacks targeting enterprise infrastructure have surged dramatically, with Cisco ASA VPN systems experiencing an unprecedented 399% increase in attacks during Q1 2025, while Microsoft 365 authentication services saw a 21% rise in similar attacks.

Unlike traditional brute-force attacks that target single accounts with multiple passwords, password spray attacks use common passwords against numerous usernames, effectively bypassing account lockout mechanisms and detection systems. Password spray attacks represent a sophisticated brute-force methodology that leverages globally distributed IP addresses through botnets and proxy services, making attribution highly challenging for security teams. “Cloud service providers like Microsoft 365 offer sophisticated brute force and password spray detection capabilities, while VPN systems may not have such robust monitoring systems,” the Terlix report states.

Threat actors exploit weak password policies and partial Multi-Factor Authentication (MFA) deployments, particularly targeting organizations with inconsistent security implementations. The report specifically references the Midnight Blizzard threat group’s successful use of password spray techniques to compromise Microsoft’s corporate email accounts, highlighting the effectiveness of these methodologies against high-value targets.

Interestingly, while Cisco ASA VPN and Microsoft 365 systems experienced increases in attack volume, Okta authentication services saw a sharp decrease in targeting. Security analysts suggest this shift may indicate either improved defensive measures by Okta or a strategic pivot by threat actors toward platforms with perceived weaker security implementations. This pattern suggests threat actors are conducting reconnaissance to obtain comprehensive username lists for specific organizations, either through data breaches or by inferring usernames through employee enumeration techniques.
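
The spray pattern described above (common passwords tried against many usernames from distributed IP addresses, staying under per-account lockout) shows up when failed logins are pooled across source IPs and counted per account. The following is an added example, not code from the report or the original article; the event format, thresholds, usernames and IP addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, username, source IP, success).
# IPs come from documentation ranges; usernames are made up.
def _ev(minute, user, ip, ok=False):
    return (datetime(2025, 1, 1, 9, 0) + timedelta(minutes=minute), user, ip, ok)

SAMPLE_EVENTS = (
    # Spray-like: 8 users, one failure each, each from a different IP.
    [_ev(i, f"user{i:02d}", f"203.0.113.{10 + i}") for i in range(8)]
    # Ordinary noise: one user mistypes a password three times, then succeeds.
    + [_ev(20 + i, "alice", "198.51.100.7") for i in range(3)]
    + [_ev(23, "alice", "198.51.100.7", ok=True)]
)

def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Flag time windows where many distinct accounts each fail only a few times.

    Failures are pooled across all source IPs, because a spray spread over a
    botnet or proxies shows only one or two attempts per address.
    Thresholds are illustrative assumptions, not vendor guidance.
    """
    buckets = defaultdict(lambda: defaultdict(int))  # window start -> user -> failures
    epoch = datetime(1970, 1, 1)
    for ts, user, _ip, ok in events:
        if ok:
            continue
        start = epoch + ((ts - epoch) // window) * window
        buckets[start][user] += 1
    alerts = []
    for start, per_user in sorted(buckets.items()):
        low_rate = [u for u, n in per_user.items() if n <= max_per_user]
        if len(low_rate) >= min_users:
            alerts.append({"window_start": start, "users": sorted(low_rate)})
    return alerts

def lockout_would_trigger(events, threshold=5):
    """Per-account lockout view: does any single user reach the failure threshold?"""
    fails = defaultdict(int)
    for _ts, user, _ip, ok in events:
        if not ok:
            fails[user] += 1
    return any(n >= threshold for n in fails.values())

if __name__ == "__main__":
    print(detect_spray(SAMPLE_EVENTS))           # one alert covering user00..user07
    print(lockout_would_trigger(SAMPLE_EVENTS))  # False: no account reaches 5 failures
```

Fixed windows can split a slow spray across two buckets; a sliding window or a longer interval closes that gap at the cost of more noise.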
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 04 Jul 2025 07:25:08 +0000