To end NCSAM, Microsoft is announcing a machine learning algorithm that will detect password spray attacks. It is available in Microsoft Azure AD Identity Protection. Importantly, Redmond says the tool provides significantly better results than the previous algorithm. Password spray attacks are a common type of digital attack that rely on fairly primitive methods. A bad actor will use thousand of IP addresses through a botnet with common passwords. This is different to a password attack on a single user where the actor will use many passwords. Instead, a spray attack uses a few common passwords but spread them across thousands of accounts looking for a hit. While the success rate is poor, these attacks are not easy to detect and when they do work they are dangerous. Researchers have found account users are much more likely to dismiss one or two failed login attempt notifications than they are multiple attempts.
Improving AI
Microsoft’s new AI can counter password spray attacks. In fact, the company has been combating these attacks with AI for some time. However, the older heuristic mechanism had some limitations. With the new model, Microsoft says the algorithm is stronger and looks at unfamiliar logins, IP reputation, and general account deviations. “The results of this research led to this month’s release of the new password spray risk detection. This new machine learning detection yields a 100 percent increase in recall over the heuristic algorithm described above meaning it detects twice the number of compromised accounts of the previous algorithm. It does this while maintaining the previous algorithm’s amazing 98 percent precision—meaning if this algorithm says an account fell to password spray, it’s almost certain that it did.”
