Microsoft, a week after disclosing that Kremlin-backed spies broke into its network and stole internal emails and files from its executives and staff, has now confirmed the compromised corporate account used in the genesis of the heist didn't even have multi-factor authentication (MFA) enabled.
A password-spray attack is where a miscreant tries to log into a number of accounts using one password, then waiting a while and trying again with another password, and repeating this over and over. It's a type of brute-force attack designed to avoid tripping monitoring systems that catch multiple failed logins to one account in a short period of time.
[
add
]
[
|
|
...
]