
Microsoft has created a new “guided hunting notebook” for Microsoft Sentinel users that’s designed to detect so-called “low and slow” password spray attacks, according to a Thursday announcement.

In a password spray, an attacker tries commonly used or leaked passwords across many of an organization's accounts in order to gain a foothold. Because organizations often lock accounts after repeated failed guesses, attackers have switched to slower approaches that stay under those lockout thresholds.

The low and slow password spray attack method has “become more common,” explained Amritpal Singh, a Microsoft Threat Intelligence Center data scientist. Attackers are using various open source tools for these attacks, as well as proxy services to disguise themselves, he added.

Singh suggested that “sophisticated adversaries,” namely nation-state attackers, have been using these low-and-slow attack methods. They can extend for as long as “months or years.”

Low and slow sprays are a variant on traditional password spray attacks that are being increasingly used by sophisticated adversaries such as NOBELIUM, STRONTIUM and HOLMIUM. These adversaries can randomize client fields between each sign in attempt, including IP addresses, user agents and client application. Some adversaries are willing to let the password spray campaigns run at a very low frequency over a period of months or years, making detection challenging.

The new guided hunting notebook for low-and-slow password sprays uses machine learning to see through the obfuscation attackers apply. It looks for failed sign-in attempts whose client fields are anomalous for the account, then checks those attempts for “invariant properties,” the fields an attacker's tooling leaves unchanged even as IP addresses and user agents are rotated. Organizations can run the notebook in Sentinel, Microsoft's security information and event management (SIEM) solution, “from the ‘Templates’ tab in the Notebooks blade.”
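The core of that hunt can be sketched without the machine-learning layer. The following is an added example written for this page, not Microsoft's notebook: it constructs 90 days of Azure AD-style sign-in records (200 benign users plus a spray against 120 of them at roughly one attempt per account per week, with IP address, user agent and client app randomized on every attempt), baselines each account's client fields from its successful sign-ins, keeps only failures whose fields are novel for that account, then finds the field those failures hold constant and clusters on it. The field names, the thresholds, the choice of the legacy ROPC grant as the attacker's invariant, and all sample data are assumptions made for the example.

```python
"""Low-and-slow password spray hunt over constructed sign-in records.

Added example (not Microsoft's notebook). Stdlib only, runs offline.
"""
import random
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Client-side fields a spray tool may or may not randomize between attempts.
CLIENT_FIELDS = ("ip", "user_agent", "app", "auth_protocol")


def build_sample_signins(seed=7, days=90, n_users=200, n_targets=120):
    """Constructed data: benign traffic for n_users plus one low-and-slow spray."""
    rng = random.Random(seed)
    t0 = datetime(2022, 7, 1)
    users = [f"user{i:03d}@contoso.example" for i in range(n_users)]
    events = []
    for i, user in enumerate(users):
        # Each benign user has a stable IP and browser and fails ~3% of the time.
        ip = f"10.0.{i // 256}.{i % 256}"
        ua = rng.choice(["Edge/105", "Chrome/105", "Outlook/16.0"])
        for d in range(days):
            if rng.random() < 0.8:
                events.append({"ts": t0 + timedelta(days=d, hours=rng.randint(7, 18)),
                               "user": user, "ip": ip, "user_agent": ua,
                               "app": "Office 365", "auth_protocol": "OAuth2",
                               "result": "0" if rng.random() < 0.97 else "50126"})
    # Spray (assumed attacker behaviour): ~1 attempt per target per week; IP, user
    # agent and app change every time, but the tooling always uses the legacy ROPC
    # grant, which is the invariant the hunt is meant to recover.
    uas = [f"python-requests/2.{n}" for n in range(20, 28)] + ["BAV2ROPC"]
    apps = ["Office 365 Exchange Online", "Microsoft Office", "OfficeHome", "Office 365"]
    for user in rng.sample(users, n_targets):
        for week in range(0, days, 7):
            events.append({"ts": t0 + timedelta(days=week + rng.randint(0, 6),
                                                hours=rng.randint(0, 23)),
                           "user": user,
                           "ip": f"{rng.choice(['203.0.113', '198.51.100'])}.{rng.randint(1, 254)}",
                           "user_agent": rng.choice(uas), "app": rng.choice(apps),
                           "auth_protocol": "ROPC", "result": "50126"})
    return sorted(events, key=lambda e: e["ts"])


def known_values(events):
    """Per account, the client field values seen on its successful sign-ins."""
    known = defaultdict(lambda: defaultdict(set))
    for e in events:
        if e["result"] == "0":
            for f in CLIENT_FIELDS:
                known[e["user"]][f].add(e[f])
    return known


def anomalous_failures(events, min_novel_fields=2):
    """Failed sign-ins whose client fields were never seen on that account's successes."""
    known = known_values(events)
    out = []
    for e in events:
        if e["result"] == "0":
            continue
        novel = sum(1 for f in CLIENT_FIELDS if e[f] not in known[e["user"]][f])
        if novel >= min_novel_fields:
            out.append(e)
    return out


def invariant_fields(events, min_share=0.9):
    """Fields whose single most common value covers at least min_share of the events."""
    inv = {}
    for f in CLIENT_FIELDS:
        value, n = Counter(e[f] for e in events).most_common(1)[0]
        if n / len(events) >= min_share:
            inv[f] = value
    return inv


def hunt_low_and_slow(events, min_users=25, min_span_days=30, max_daily_rate=1.0):
    """Cluster anomalous failures on their invariant fields; keep wide, slow, long clusters."""
    suspects = anomalous_failures(events)
    if not suspects:
        return []
    inv = invariant_fields(suspects)
    if not inv:
        return []
    clusters = defaultdict(list)
    for e in suspects:
        clusters[tuple(sorted((f, e[f]) for f in inv))].append(e)
    campaigns = []
    for key, evs in clusters.items():
        users = {e["user"] for e in evs}
        span = (max(e["ts"] for e in evs) - min(e["ts"] for e in evs)).days + 1
        rate = len(evs) / (len(users) * span)  # attempts per account per day
        if len(users) >= min_users and span >= min_span_days and rate <= max_daily_rate:
            campaigns.append({
                "invariant": dict(key), "events": len(evs),
                "distinct_users": len(users), "distinct_ips": len({e["ip"] for e in evs}),
                "span_days": span, "attempts_per_user_per_day": round(rate, 3),
                "targeted_users": sorted(users),
                "suspect_user_agents": [ua for ua, _ in
                                        Counter(e["user_agent"] for e in evs).most_common()],
            })
    return campaigns


if __name__ == "__main__":
    for c in hunt_low_and_slow(build_sample_signins()):
        print({k: v for k, v in c.items() if k != "targeted_users"})
```

The per-account daily rate is the low-and-slow signal: a real spray here lands at well under one attempt per account per day, far below any lockout threshold, which is exactly why a rate-based alert on its own never fires. The novelty filter is what keeps ordinary mistyped passwords (same IP and browser the account always uses) out of the cluster.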

The notebook needs to churn through “lots of historical log data (typically going back at least several months),” which may mean “over 100,000 log data files,” Singh noted. Running it is potentially costly, but Singh suggested that organizations can use an Azure Synapse Spark pool to massively parallelize the work.

“The Azure ecosystem acts as the single pane of glass providing SIEM, data ETL, big data analytics and ML,” Singh stated.

Organizations using the notebook can get a list of suspect user agents that can be monitored or blocked, Singh suggested.

These user agents could be used as the basis of a custom Sentinel analytic rule that fires when a sign-in from one of them succeeds. They could also be blocked with Conditional Access; note that Conditional Access has no condition on the user-agent string itself, so in practice this means blocking the legacy authentication clients that such tooling presents itself as.

It’s also possible to correlate the targeted accounts with Sentinel security alerts “to determine if a successful compromise has taken place.”
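The two follow-ups just described, as an added example that is not part of the article or of Microsoft's notebook: one function builds the KQL for a custom scheduled analytic rule over the standard Sentinel SigninLogs columns (ResultType "0" is a successful sign-in), and another joins the targeted accounts against SecurityAlert-style records using the account entity shape Sentinel emits (Type, Name, UPNSuffix). The suspect user agents, targeted accounts and alert records are constructed inputs.

```python
"""Sentinel follow-up for a detected spray: a success-monitoring KQL rule and an
alert correlation. Added example; only the column and entity names are Sentinel's."""
from collections import defaultdict


def kql_escape(value):
    """Escape a value for use inside a double-quoted KQL string literal."""
    return value.replace("\\", "\\\\").replace('"', '\\"')


def success_from_suspect_agents_kql(user_agents, lookback="1h"):
    """KQL for a scheduled analytic rule: successful sign-ins from a suspect user agent."""
    agents = ", ".join(f'"{kql_escape(ua)}"' for ua in user_agents)
    return "\n".join([
        f"let suspect_agents = dynamic([{agents}]);",
        "SigninLogs",
        f"| where TimeGenerated > ago({lookback})",
        '| where ResultType == "0"',          # 0 = success in SigninLogs
        "| where UserAgent in (suspect_agents)",
        "| project TimeGenerated, UserPrincipalName, IPAddress, UserAgent, AppDisplayName",
    ])


def correlate_with_alerts(targeted_users, alerts):
    """Map each targeted account that is an account entity of some alert to those alert names."""
    targeted = {u.lower() for u in targeted_users}
    hits = defaultdict(list)
    for alert in alerts:
        for ent in alert.get("Entities", []):
            if ent.get("Type") != "account":
                continue
            upn = f"{ent.get('Name', '')}@{ent.get('UPNSuffix', '')}".lower()
            if upn in targeted:
                hits[upn].append(alert["AlertName"])
    return dict(hits)


# Constructed inputs, shaped like the hunt output and Sentinel SecurityAlert rows.
SUSPECT_AGENTS = ["BAV2ROPC", "python-requests/2.25", 'Bad "quoted" agent']
TARGETED = ["user017@contoso.example", "user099@contoso.example", "user120@contoso.example"]
SAMPLE_ALERTS = [
    {"AlertName": "Atypical travel",
     "Entities": [{"Type": "account", "Name": "user017", "UPNSuffix": "contoso.example"}]},
    {"AlertName": "Anonymous IP address",
     "Entities": [{"Type": "account", "Name": "user099", "UPNSuffix": "contoso.example"},
                  {"Type": "ip", "Address": "203.0.113.7"}]},
    {"AlertName": "Unfamiliar sign-in properties",
     "Entities": [{"Type": "account", "Name": "user150", "UPNSuffix": "contoso.example"}]},
]

if __name__ == "__main__":
    print(success_from_suspect_agents_kql(SUSPECT_AGENTS))
    print(correlate_with_alerts(TARGETED, SAMPLE_ALERTS))
```

The rule only looks for successes: failures from those agents are the spray itself and are already known, whereas a success is the moment a guessed password worked and is what needs an analyst. The correlation is deliberately case-insensitive on the UPN because alert entities and SigninLogs do not always agree on casing.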

About the Author

Kurt Mackie is senior news producer for 1105 Media’s Converge360 group.
