Citrix last month confirmed the FBI’s suspicions that hackers had used a technique known as “password spraying” to compromise the company’s networks before stealing a massive amount of sensitive information.
Password spraying is a type of brute force attack in which attackers test one weak password against many of an organization’s accounts before moving on to the next password and cycling through the accounts again. Since a reasonable amount of time passes before they attempt to log in to the same account again, the hackers can avoid being locked out for too many failed logins.
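Because each account sees only a failure or so per round, per-account lockout counters never trip; the defender's signal is one source failing against many distinct accounts in a short time. The detector below is an added example, not from the original article or Infosecurity Magazine: the event tuple layout, the 30-minute window and the five-account threshold are assumptions, and the log events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, account, outcome).
# IPs are documentation-range addresses; account names are made up.
USERS = ["alice", "bob", "carol", "dave", "erin", "frank"]
SAMPLE_EVENTS = (
    # Two spray rounds 45 minutes apart: one guess per account per round.
    [(f"2024-01-15T09:00:{5 * i:02d}", "203.0.113.7", u, "FAIL") for i, u in enumerate(USERS)]
    + [(f"2024-01-15T09:45:{5 * i:02d}", "203.0.113.7", u, "FAIL") for i, u in enumerate(USERS)]
    # Repeated guessing against a single account: lockout handles this, it is not a spray.
    + [(f"2024-01-15T10:00:{i:02d}", "198.51.100.20", "bob", "FAIL") for i in range(8)]
    # A user mistyping once, then logging in.
    + [("2024-01-15T10:05:00", "192.0.2.15", "carol", "FAIL"),
       ("2024-01-15T10:05:20", "192.0.2.15", "carol", "SUCCESS")]
)

def detect_spraying(events, window=timedelta(minutes=30), min_accounts=5):
    """Flag sources whose failed logins inside a sliding window span at least
    min_accounts distinct accounts. Returns {source: {"accounts", "max_per_account"}}."""
    failures = defaultdict(list)
    for ts, src, user, outcome in events:
        if outcome == "FAIL":
            failures[src].append((datetime.fromisoformat(ts), user))
    flagged = {}
    for src, rows in failures.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Drop failures that fell out of the window ending at rows[end].
            while rows[end][0] - rows[start][0] > window:
                start += 1
            counts = Counter(user for _, user in rows[start:end + 1])
            best = flagged.get(src, {"accounts": []})
            # Keep the widest set of targeted accounts seen for this source.
            if len(counts) >= min_accounts and len(counts) > len(best["accounts"]):
                flagged[src] = {"accounts": sorted(counts),
                                "max_per_account": max(counts.values())}
    return flagged

if __name__ == "__main__":
    for src, hit in detect_spraying(SAMPLE_EVENTS).items():
        print(src, len(hit["accounts"]), "accounts, at most",
              hit["max_per_account"], "failure(s) per account in the window")
```

The `max_per_account` value is what a lockout policy would see for each account; comparing it with the lockout threshold shows why the spray source goes unnoticed by lockout alone.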
Amit Rahav says in Infosecurity Magazine that the Citrix hack is just one of many examples showing that passwords used by themselves are inadequate for security. If just one employee at a targeted organization is using a weak or commonly used password, attackers will likely breach their account.
Password spraying and other account hijacking schemes, such as credential stuffing, are increasing in popularity. If users haven’t implemented proper security measures, including multi-factor authentication, then their accounts are growing more vulnerable by the day. New-school security awareness training can teach your employees how to follow security best practices without causing them undue stress.
Infosecurity Magazine has the story: https://www.infosecurity-magazine.com/opinions/password-spraying-citrix-1/