Threat, Vulnerabilities and Mitigations: Indicators of Password Attacks

Question 1

What are indications of Password Attacks?

Answer 1

Unusual amount of failed log in attempts
Unusual Login Activity
Account Lockouts
Unexpected Password Change Notifications
Unauthorized Account Access
Security Alerts
Slow System Performance
IP Address Blocking
Unexpected Two-Factor Authentication (2FA) Requests
Social Engineering Attempts

Question 2

What is a dictionary attack?

Answer 2

A dictionary attack is a method used to break into a password-protected system or account by systematically entering every word in a predefined list (dictionary) of possible passwords. This list typically contains common passwords, words found in dictionaries, and variations of those words.

This can also use added characters at the front or end of a possible password eg 23Dog23!

Question 3

What is a brute force attack?

Answer 3

Pure brute force, which often is indicated by unexpected failures:

Windows Server:

https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx

Event Viewer > Windows Logs > Security

Linux SSH Server

Look for abnormally amount of Failed Log in attempts

Question 4

What is spraying?

Answer 4

Spraying – Take commonly used password and try to log into Computers in greater numbers of the chance logging into a computer

https://attack.mitre.org/techniques/T1110/003/

Question 5

What is credential stuffing?

Answer 5

Credential stuffing – Take known data breaches and re-use those password to gain access

https://attack.mitre.org/techniques/T1110/004/