In the last weeks of October, Microsoft promotes digital security efforts as part of its National Cyber Security Awareness Month (NCSAM) observance.
The company announced new initiatives to promote cyber awareness, revealed the Zero Trust Deployment Center, released one Adversarial ML Threat Matrix and started a pretty successful attack against the malicious botnet Trickbot.
Now the company said it has developed a new algorithm based on mechanics learning which detects password spray attacks with significantly improved performance over its previous mechanism.
For those who don't know, a password spray attack is a relatively crude and common form of cyber attack in which a malicious user attacks thousands of IPs with a few commonly used codeinstead of trying multiple passwords on a single user.
Although the success rate per account not impressive enough, the attack is very hard to detect.
To combat password hacking attacks, Microsoft has created a mechanism that recognizes "the system's major στο worldwide traffic failure" and alerts endangered organizations. Today the company has improved this mechanism by training a new machine learning algorithm that uses features such as IP reputation, unknown login properties and other account divergences to detect when someone is being attacked by password spraying.
Microsoft claims that its new model has a 100% increase in recall compared to the previous heuristic algorithm. This means that it detects twice the number of compromised accounts. In addition, it has 98% accuracy, which means that if the model claims that an account has been hacked by a password, then it is almost certainly true.
The new model will soon be available to Azure AD Identity Protection customers, who will be able to use it on portal and the APIs they use for it protection of their identity.
