Cisco’s cybersecurity researchers warned about a surge in password spraying attacks targeting Virtual Private Network (RAVPN) services, including its in-house products and some third-party ones. Hackers use this technique to gain unauthorized access to many accounts or systems.
These types of attacks are considered low-risk and high-profit and, therefore, attract considerable attention. As password spraying can remove account lockout mechanisms, cyber criminals usually use it to access networks and steal personal information.
When attackers perform password spraying attacks, they make numerous login attempts with a small number of commonly used passwords across several accounts. It helps the hackers avoid detection by evading multiple failed login attempts on a single account, which could trigger security alerts.
If the targeted device has security measures like account lockout policies that lock user accounts after several failed login attempts, these attacks can lock your accounts.
windowsreport.com
