itman
Posted March 27, 2018 (edited)

Of note to Eset Endpoint installations:

> Description
>
> In a traditional brute-force attack, a malicious actor attempts to gain unauthorized access to a single account by guessing the password. This can quickly result in a targeted account getting locked-out, as commonly used account-lockout policies allow 3-to-5 bad attempts during a set period of time.
>
> During a password-spray attack (also known as the “low-and-slow” method), the malicious actor attempts a single password against many accounts before moving on to attempt a second password, and so on. This technique allows the actor to remain undetected by avoiding rapid or frequent account lockouts.

https://www.us-cert.gov/ncas/alerts/TA18-086A

Edited March 28, 2018 by itman
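Detection logic for the contrast the quoted alert draws, added here as an example and not part of the original post or the US-CERT alert: a per-account lockout counter catches the brute-force case but never trips on the spray, while counting distinct accounts per source does. The event tuples, addresses, account names, thresholds and windows are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _t(minute):
    return datetime(2018, 3, 27, 9, 0) + timedelta(minutes=minute)

# Constructed failed-logon events: (timestamp, source address, account).
FAILED_LOGONS = (
    # Brute force: one account, six failures in six minutes.
    [(_t(i), "10.0.0.5", "alice") for i in range(6)]
    # Spray: one failure per account, two rounds 40 minutes apart.
    + [(_t(r * 40 + i), "10.0.0.9", f"user{i:02d}")
       for r in range(2) for i in range(12)]
    # Noise: a user mistyping a password twice.
    + [(_t(3), "10.0.0.7", "bob"), (_t(4), "10.0.0.7", "bob")]
)

def lockout_hits(events, threshold=5, window=timedelta(minutes=30)):
    """Accounts a per-account lockout policy would trip (assumed 5 in 30 min)."""
    per_account = defaultdict(list)
    for ts, _src, acct in sorted(events):
        per_account[acct].append(ts)
    hits = set()
    for acct, times in per_account.items():
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                hits.add(acct)
    return hits

def spray_sources(events, min_accounts=10, max_per_account=2,
                  window=timedelta(hours=2)):
    """Sources failing against many distinct accounts, few tries on each."""
    per_source = defaultdict(list)
    for ts, src, acct in sorted(events):
        per_source[src].append((ts, acct))
    flagged = {}
    for src, rows in per_source.items():
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            counts = defaultdict(int)
            for _ts, acct in rows[start:end + 1]:
                counts[acct] += 1
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                flagged[src] = len(counts)  # distinct accounts touched
    return flagged
```

On the sample data the lockout view reports only `alice`, while the per-source view reports `10.0.0.9` with 12 distinct accounts; the two checks are complementary rather than alternatives.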