In the last weeks of October, Microsoft promotes digital security efforts as part of its National Cyber Security Awareness Month (NCSAM) observance.
The company announced new initiatives to promote cyber awareness, revealed the Zero Trust Deployment Center, released one Adversarial ML Threat Matrix and started a pretty successful attack against the malicious botnet Trickbot.
The company now says it has developed a new algorithm based on machine learning that detects password sprays with significantly improved performance than its predecessor.
For those who don't know, a password spray attack is a relatively crude and common form of online attack in which one maliciousς user it attacks thousands of IPs with a few commonly used passwords instead of trying multiple passwords on a single user.
Although the success rate per account is not impressive enough, the attack is very difficult to detect.
To combat password spraying attacks, Microsoft created a mechanism that recognizes "basic system failure in ... worldwide traffic" and alerts organizations at risk. Today the company has improved this mechanism by training a new machine learning algorithm that it uses functions such as IP reputation, unknown connection properties, and other account discrepancies to detect when someone is being attacked by password spraying.
Microsoft claims that its new model has a 100% increase in recalls compared to the previous heuristic algorithm. This means it detects twice as many compromised accounts. In addition, it has 98% accuracy, which means that if the model claims that an account has been the victim of password spraying, then it is almost certainly true.
The new model will soon be available to Azure AD Identity Protection customers, who will be able to use it on portal and the APIs they use to protect their identity.
