Last year, the United States Computer Emergency Readiness Team (US-CERT) issued an alert that hackers were targeting organizations in the United States with a ­massive wave of attacks based on ­successful guesses of common passwords.

These password-spray attacks seek to identify accounts at targeted organizations that use common or simple passwords, and then use those accounts to steal sensitive information. Nine Iranian nationals were indicted last year in New York for hacks of U.S. universities, companies and government agencies using this method.

In a password-spray attack, the attacker does not need advance knowledge of a user’s password. Unlike social engineering, in which the attacker tricks a user into revealing his or her password, spray attacks rely on the fact that, unless prevented, users will choose easy-to-remember passwords.

Published May 2019 in FedTech Magazine.

Read the full article: Password-Based Attacks Pose New Dangers for Agency Networks